Don’t Skip Data Discovery During Your Compliance Program

If your business collects customer data of any kind, it’s safe to assume you’re also aware of the multitude of new privacy and security mandates. While these regulations are an ideal driver of investment for bolstering your security programs, it’s important not to forget about one of the most important steps in the compliance process – data discovery.

Ignorance is now no excuse when it comes to breaches of datasets you didn’t even know existed. Regulators have now placed the onus on organizations to conduct a thorough discovery program to ask:

  • Which datasets are we collecting?
  • Where is this data being stored?
  • Who has access to the data?
  • What is the data being used for in your business?

Unless you can definitively answer the above questions, you cannot guarantee your data is protected. 

Too often we see organizations that operate with the misguided belief that they know where their data is, particularly in production environments. But there are frequently dozens of non-production or DevOps environments that are creating multiple copies, and in turn multiple risk points. In fact, IDC research discovered that more than 80 percent of organizations surveyed had more than 10 copies of each database, amounting to around 2000 copies of each database that required protection.

At this point, it would be worth considering if every one of those databases requires the same level of protection. Almost certainly, the answer is no. This is where we see organizations wasting valuable time and resources on unnecessary protection for unclassified data. By properly classifying each dataset by its relative sensitivity, organizations can then align privacy and security requirements in a more strategic and cost-effective way.

By identifying every database, classifying sensitive data, and assessing vulnerabilities, your organization can make educated decisions on what investments need to be made, and where. The by-product of this exercise is drastically lowering your data management costs by removing duplicates and shrinking your overall data footprint. Between targeted security investments and less overall data to manage, your business could be saving millions.

While many organizations will attempt to conduct their discovery process manually, these processes are usually inefficient and are unlikely to provide the most comprehensive view of your databases. An industry-recognized and purpose-built solution for discovery and classification offers a more efficient, scalable and sustainable process over the long term, with the ability to:

  • Uncover new, forgotten or rogue databases
  • Discover where sensitive data is stored 
  • Detect database vulnerabilities based on the latest research
  • Automate discovery, classification, and database vulnerability assessment
  • Audit database configurations and measure compliance with industry standards
  • Streamline regulatory compliance efforts

Once your organization is armed with these capabilities, you can turn your attention to identifying the level of security you need for each database, application or workload. The end result is peace of mind for your compliance programs as well as improved efficiency and security across your databases.

 



Source: imperva
