Ground Labs

Enterprise Recon can discover a wide range of data, coming with over 250 predefined data types (and over 300 when including variants) that span a variety of regulations including GDPR, CCPA, HIPAA, and PCI DSS. You can also create your own, custom data types if need be. The data in your system can then be matched to a selection of these data types during the discovery process. The product will determine the content type of each of your files and/or records, perform appropriate decoding and transformation, then attempt to recognise and match your data. This matching is achieved via pattern matching using GLASS (‘Ground Labs Accurate Search Syntax’), Ground Labs’ bespoke pattern matching technology for data discovery. GLASS has been built by Ground Labs from the ground up to be easy to read and to develop in when used for data discovery, and this makes it far more fit-for-purpose than simply supporting regular expressions as commonly used.

Moreover, pattern matching using GLASS is able to use contextual information to help determine whether a match is correct, and therefore whether the data in question is sensitive. This means that, for example, you could write a pattern that locates address information but that disregards corporate addresses based on particular terms or keywords that appear near the data. This can go the other way, as well, where otherwise innocuous data can be identified as sensitive based on its context.

Once the data discovery process is finished, Enterprise Recon exposes your results as part of its dashboard, as shown in Figure 1. It also allows you to review your results and then remediate the data you’ve matched. Reviewing your data allows you to search through, filter and, if necessary, manually curate your matched data. Information on each match is displayed in detail, including samples of the matched data as well as relevant contextual data.

Remediation, on the other hand, enables you to secure the data you’ve discovered. Depending on the data source and the type of file, up to four remediation actions may be available to you: mask, quarantine, encrypt, and delete. Mask allows you to statically mask data by partially replacing it with a series of ‘x’ characters (this could more accurately be described as redaction); quarantine allows you to move data to a secure location of your choice; encrypt is self-explanatory; and delete allows you to permanently remove data from your system but, importantly, is not available for databases (which is a good thing: database administrators don’t tend to appreciate this sort of intervention). All remediation actions taken are stored in a remediation log that can be reviewed at will.

Enterprise Recon also allows you to locate all data associated with a given individual, and thereby supports data subject access requests (DSARs), which is important for complying with GDPR. Further, the product provides an open API that allows it to integrate with third party applications. It boasts particularly close integration with Data Loss Prevention (DLP) products. In addition, it supports a wide variety of data sources, including file systems, relational databases (such as MySQL, Sybase, Teradata, PostgreSQL, Oracle and DB2), MongoDB, all three major cloud providers (including S3) and SharePoint. Ground Labs also plans to release support for InterSystems Caché in Q1 2020 and SAP Hana during the second half of 2020. Given that InterSystems in particular is a major player in the healthcare industry, especially when it comes to the storing of patient service records, supporting it will be a significant advantage.

Enterprise Recon has a number of capabilities worth commenting on. For starters, it will discover an impressively wide range of data types out of the box, and therefore speak to the majority of compliance regulations that are currently active. The fact that you can define your own data types extends it to address any existing regulation, at least in principle, and allows its discovery to remain malleable in the face of changing regulations or non-regulatory requirements. It also supports a relatively wide range of data sources, including both relational and NoSQL databases, and provides remediation capabilities.

While we would normally question the completeness of discovery offered by a product that relies solely on pattern matching, Enterprise Recon escapes this criticism due to the additional, contextual capabilities powered by GLASS. Being able to leverage contextual information gathered from the attributes surrounding your data allows you, with the right matching rules, to both match sensitive data that would otherwise go unnoticed, reducing false negatives, and refrain from matching data that isn’t sensitive, reducing false positives.

In addition, Enterprise Recon provides more than just regulatory compliance, despite the clear emphasis it places upon it. Its data discovery capabilities can also be put to use to locate data that, while not covered under any regulation, may be particularly valuable to your organisation and therefore worth securing. For example, you might want to identify intellectual property buried within your system or obtained during a corporate acquisition.

The Bottom Line

Enterprise Recon is an efficient, low resource, fit-for-purpose solution for discovering data across your enterprise. If you need to get a better grip on your sensitive data – for regulatory compliance or for any other reason – it is worth evaluating.