• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
Tizor Corporate Headquarters
5 Clock Tower Place
Maynard, Massachusetts
01754
ino@tizor.com
www.tizor.com
800.231.8224Copyright
©
2007 Tizor Systems. All Rights Reserved.
Sasa sa sa asd asd sad asas as asa
Page 1v070329
 
whitepaper
Data Discovery and Risk in the Datacenter
The Data Discovery Challenge
One o the biggest challenges acing IT organizations is pinpointing the location o critical data throughout theenterprise. As businesses grow, data and its use grow exponentially. From personally identiable inormationand customer inormation to trade secrets and data governed by regulations, much o this data is sensitive andcritical to the business. It must be identied, monitored, audited, and protected rom misuse and thet.The need to comply with regulations, meet auditor demands, and minimize data risk adds to the challenge. Tomeet these needs, the ocus must shit to the data itsel. Traditional security solutions that ocus on the exter-nal threat are not the answer. Data-ocused technology is required.Understanding where data is located is the oundation o a sound ramework or assessing governance andcompliance risk. This is why data discovery is a critical component o risk mitigation. Without discovery, orga-nizations cannot gain control o data. While much attention has been paid to discovering data on laptops andother end point devices, a bigger problem looms. Data in the data center is not all accounted or. The sameprinciples o data discovery must be considered inside the data center itsel. This paper will ocus on datacenter data discovery.
UNDerStaNDiNG Data DiSCOVerY
Typically, sensitive inormation is scattered across the enterprise. Customer inormation (credit card numbers,Social Security numbers), employee inormation (SSNs, addresses, salary, and medical inormation), andoperational inormation (nancial data, IP) can reside in databases and le shares hidden and unprotected inthe data center. Regulations such as the Payment Card Industry Standard (PCI), Gramm-Leach-Bliley (GLBA),Sarbanes Oxley (SOX), and the Personal Data Privacy Act o 2007 require companies to protect data determinedto be private. All o this data is typically stored in a database in the data center.However, over the years, the data center has grown to include potentially hundreds or thousands o databaseservers that store this sensitive inormation. These servers can be scattered across the globe. Add to that theact that developers and quality assurance testers create their own databases with sensitive inormation andwe know have a situation where most companies simply do not know where all their data is inside the datacenter.This lack o visibility into critical data assets leaves companies exposed to signicant risks such as data thet,data breaches, and unapproved data access.The ability to understand where data stores are located, what is in those stores, and who has access to storeddata is a critical step in understanding data risk and achieving data governance and compliance. The ability toidentiy data and determine where it is located, whether it is in-use or at-rest, allows companies to assess theeectiveness o data classication policies and procedures. Additionally, visibility into data used or applicationdevelopment and testing is oten uncovered in data discovery initiatives. Data discovery allows an organizationto control data migration and replication or both application developers and testing needs.
 
Tizor Corporate Headquarters
5 Clock Tower Place
Maynard, Massachusetts
01754
ino@tizor.com
www.tizor.com
800.231.8224Copyright
©
2007 Tizor Systems. All Rights Reserved.Page 2v070329
The Verizon Report
During 2008, the Verizon Business Risk Team published a report called “2008 Data Breach Investigations Report”. This report wascompiled rom inormation rom over 500 orensic engagements handled by the Verizon Business Investigative Response team overa 4 year period. This is the denitive report in the industry on the causes o data breaches.The ndings in this report are eye opening. Consider these statistics:66% o breaches involved a system storing data that the organization did not know existed on that system27% o the breaches involved a system that had unknown network connections10% o the breaches involved a system that had unknown accounts or privileges7% o the breaches involved a system unknown to the organization.Further, when the study looked at the type o data being breached, they ound that over 84% o the time it involved payment card/credit card or personal inormation. And while most attention is paid to external hackers, the biggest risk or data breaches is romtrusted insiders.The implications o this study are signicant:Compromises are overwhelmingly happening to core database systems in the data centerYou can’t protect what you don’t know aboutInsiders are the biggest threatClearly, companies need to start by getting a solid inventory in place o all data assets.
BeSt praCtiCeS FOr Data DiSCOVerY aND riSK MaNaGeMeNt
Data risk can pose signicant business problems and it needs to be controlled. Fortunately, understanding and managing businessrisk are well-understood disciplines in most corporations. The same disciplines need to be applied to data risk.Risk management requires knowledge about data assets--where they are, what is happening to them, what bad things mighthappen to them and, most importantly, the costs associated with the bad things that could happen to them. For companies withstable assets, this is built into standard operations. For companies with changing assets and evolving centers o value, thechallenge is to become aware o the shits and deal with them as quickly as possible. The repercussions o not dealing withchanging assets could severely damage a business. Data is one o those changing assets.To this end, there are three key areas o data risk that organizations must control. These risks all into the category o “unknownunknowns” --unknown data stores, unknown user access, and unknown location o sensitive data. Simply, organizations must:
1. Discover Sensitive Data
Discovery is the rst step in uncovering data risk. It begins with nding and identiying critical data assets in the network,determining what data stores exist, and nding inormation inside o those data stores. Once this is accomplished, a data riskassessment becomes much simpler.
2. Assess Data Activity Risk
In order to understand data risk an organization must know who has access to which data. Visibility into data usage and theassociated risks is essential or developing the appropriate compliance and security strategy. This includes identiying how datais being used and which users and applications are accessing data rom where and when. This assessment must encompass allapplications, users, and processes relating to the access o sensitive data.
3. Ensure Data Compliance
To comply with a variety o regulations such PCI, SOX, HIPAA, GLBA and others, dozens o data protection requirements mustbe addressed. Compliance with these regulations includes the ability to provide regular and detailed reports that address theinormation requirements o outside assessors and internal stakeholders.
 
Tizor Corporate Headquarters
5 Clock Tower Place
Maynard, Massachusetts
01754
ino@tizor.com
www.tizor.com
800.231.8224Copyright
©
2007 Tizor Systems. All Rights Reserved.Page 3v070329
the Data DiSCOVerY MarKet LaNDSCape
There are many solutions in the market today that claim to help identiy data assets. Lets take a closer look at some o thesetools:
 
Data Classication tools – these tools will help “categorize” data, primarily or the purpose o tiered storage. Typicallythese tools are ocused on nding unstructured data on a variety o le shares. This data can be categorized by content,le type, useage and many other variables. Once categorized the tools can also help identiy the most appropriate storagesolution.Data Leak Prevention Tools – these tools are designed to prevent sensitive data rom leaving the enterprise over email,instant message, or illegal copying o data to removable devices. The discovery component o these tools scans leshares, identies dierent types o unstructured data, and then classies it. Polices are then written to monitor the fowo this data and stop unapproved activity.Fileshare crawlers – there are a number o ree tools on the market that will simply crawl a le share looking or dierentle types and create an inventory list o what they nd.While these tools do server a useul purpose, they are all missing a critical area o the enterprise – the data center. None othese tools help identiy database servers, database systems or discover sensitive content in the databases. And as we knowrom the Verizon report, this creates tremendous risk in the enterprise.
the SOLUtiON – DataBaSe DiSCOVerY iN the Data CeNter
Database activity monitoring (DAM) solutions mitigate data risk by discovering critical data in the data center; intelligentlymonitoring and analyzing the activity that aects it; providing detailed auditing trails; and reporting on all user access to datastored in open systems such as databases, leservers, and legacy applications such as mainrame systems.Database auditing and monitoring helps assure core data by addressing our critically important data issues:Data Discovery – Where is sensitive data stored in the data centerData Activity Monitoring – How, where, what, when, and by whom is data being accessed?Data Risk Assessment – I data risks are detected, can this risk be managed in an automated way to assure data orcompliance and governance?Data Risk Management - Can stored data be protected rom data thet, including data thet by authorized users?
hOw Data aCtiVitY MONitOriNG wOrKS
An ideal data auditing and monitoring solution cost-eectively answers key questions about stored data such as: where is thedata, who is accessing it, can data governance/compliance be achieved, and can data breaches be prevented? In order to answerthese questions, a DAM solution must possess our key capabilities:
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...