In today’s digital economy, organizations of all sizes manage vast amounts of sensitive data every day, including financial records, intellectual property and personal information. In addition to the serious and ever-increasing risk of data breaches, an expanding regulatory environment requires thorough and effective processes to identify, categorize and safeguard sensitive data.
A comprehensive sensitive data discovery process requires multiple steps and ongoing strategies. Below, 18 of its members Forbes Technology Council share their advice to help organizations develop monitoring and remediation efforts to secure sensitive data and comply with evolving regulations and industry best practices.
1. Accurate identification and classification of sensitive information
An essential step in sensitive data discovery is the accurate identification and classification of sensitive information. This fundamental action enables tailored data loss prevention strategies, ensuring that effective protection measures are applied to the right data sets. Without accurate identification, efforts to secure critical data can be misguided, putting data security and compliance at risk. – Sunil Sankaramanchi, Wenable Inc.
2. Control of Microservices
Modern architectures may run thousands of microservices, increasing the potential for sensitive data to be leaked to logs or to unintended recipients. Gaining visibility and control over microservices transmitting sensitive data, such as personally identifiable information or proprietary information, is a key step in preventing inadvertent disclosure. Failure to understand the services being performed can render data security posture management ineffective. – Robert Bair, Team Cymru
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Am I eligible?
3. Identification of data sources
An essential step in the data discovery process is to understand the body of data and follow the digital crumbs. This includes identifying data sources including text messages, social media, operating systems and so on. This step is critical because it provides insight into the depth of the digital footprint, enabling full data discovery and ensuring holistic monitoring and remediation efforts. – Haresh Bhungalia, Casepoint
4. Prioritization through basic framework
A very important step is to prioritize the exposure of sensitive data through adequate context, including data usage, access, security posture, threat activity and traffic. The framework helps identify “toxic mixes” of data, differentiate customer data from employee data, and accurately detect and classify sensitive data hidden in unstructured data so that appropriate risk and remediation priorities can be assigned. – Asaf Kochan, Sentra
5. Create a data series
Data serialization will allow you to automate your initial classification assessment and ongoing maintenance of sensitive data. Once the data is in your system, it can be processed and transferred to many different systems within the organization. Detecting where data has moved makes managing sensitive data much more efficient than constantly scanning all data. – Shinji Kim, Select Star
6. Zero Trust Application
Implement a zero-trust policy. You should grant minimal access—only what is required to complete an assigned task—to your users. This can mean time-slotting the access granted to files, granting access at the file level instead of the directory level, and assigning permissions at the user level instead of the group level. This ensures that people can only see what they need to do their job and nothing more. – Matt Dixon, Eclipse Telecom
7. Create templates for metrics collection
Classifying data that complies with an organization’s data privacy requirements is a good first step. Establishing standards for the collection of metrics—such as the number of sensitive records, where they are stored, and who has access to them—reduces the need for manual tagging, thereby providing a more automated and comprehensive approach to data management. – Tej Luthra, Amazon Web Services
8. Mapping Data Streams
An essential step is to map the data flows. It is vital because it reveals how sensitive data moves through the supply chain or manufacturing processes, identifying potential vulnerabilities. Continuous monitoring ensures data integrity, while timely remediation addresses any identified weaknesses, protecting against breaches and ensuring compliance. – Richard Lebovitz, LeanDNA
9. Ensuring clean data is received at the source
In our (compliance solutions) world, it’s all about making sure you get clean data at the source. If the data is initially of poor quality, the checks, reconciliations, corrections and so on are all labor-intensive and extremely expensive, and leave open risks. Ensure high data quality by creating direct validations at the source, cross-checks and the ability to discard bad data. – Maria Scott, TAINA technology
10. Watch The Darknet
Proactively monitoring the darknet for compromised data is key. Exposed data does not disappear after the initial cyber threat is addressed. Instead, darknet criminals use it for follow-on attacks, including fraud, session hijacking, and ransomware. To protect against these threats, security teams must implement an approach that proactively addresses all compromised assets. – Damon Fleury, SpyCloud
11. Establishment of Continuous Monitoring
Continuous monitoring is key. It ensures that sensitive data remains protected by early detection of any new vulnerabilities or breaches. Regular monitoring enables quick remedial actions, ensuring data integrity and ensuring regulatory compliance. – Favor Femi-Oyewole, Access bank PLC
12. Accounting for data stored on customers
Be sure to consider data stored on clients. While most discovery data focuses on servers, many companies forget that users often have 2TB hard drives — essentially, portable servers. Therefore, it is much better to use thin clients, remove client hard drives and store all data on servers. – Eric Cole, Secure Anchor Consulting
13. Creating a comprehensive metadata ontology
Work with the governance team to create a comprehensive metadata ontology that you can adhere to during the discovery phase. Understanding the key metadata associated with your data means that, when connected to sensitive systems and environments, you maintain a perspective on important governance and structural elements of the data, including its owners, usage restrictions and retention. – Lewis Wynne-Jones, ThinkData works
14. Conduct regular data audits
Regular data audits are vital for organizations to assess the health of their data, identify anomalies, ensure compliance with data protection policies and detect potential breaches. The audit includes examining access logs, monitoring data usage patterns, and verifying adherence to established security protocols. – Meiran Galis, Scytale
15. Assigning risk scores to data
An essential step in discovering sensitive data is assigning it a risk score. This helps you determine how that data should be protected. For example, if it is very high-risk data, it must be covered irreversibly, while if it is medium-risk data and useful to the business, it can be encrypted and accessed only by authorized persons. – Ameesh Divatia, Baffle, Inc.
16. Tagging real-time data
Dynamic tagging is essential to the process. It’s a bit like putting smart tags on data. That means tagging different types of information in real time, helping you understand what’s sensitive. With dynamic tagging, continuous monitoring becomes easier. it’s like having an intelligent system that always knows what’s important and actively protects it. – Maxim Petruk, WeSoftYou
17. Leveraging Behavioral Data Profiling Techniques
Incorporating behavioral data profiling techniques into sensitive data discovery provides proactive insights into data usage patterns, helping to identify and mitigate risk. Analysis of user behavior and access histories enhances ongoing monitoring efforts, ensuring better protection against unauthorized access or misuse. – Jagadish Gokavarapu, Wissen Infotech
18. Application of Data Hiding
Applying data obfuscation techniques when discovering sensitive data is crucial. It ensures that sensitive information is masked or replaced with realistic virtual data, protecting privacy during analysis and reducing the risk of unauthorized access or breaches. – Andrew Blackman, EZ Cloud
