Ground Labs

Enterprise Recon can discover a wide range of data, coming with over 250 predefined data types (and over 300 when including variants) that span a variety of regulations including GDPR, CCPA, HIPAA, and PCI DSS. You can also create your own, custom data types if need be. The data in your system can then be matched to a selection of these data types during the discovery process. The product will determine the content type of each of your files and/or records, perform appropriate decoding and transformation, then attempt to recognise and match your data. This matching is achieved via pattern matching using GLASS (‘Ground Labs Accurate Search Syntax’), Ground Labs’ bespoke pattern matching technology for data discovery. GLASS has been built by Ground Labs from the ground up to be easy to read and to develop in when used for data discovery, and this makes it far more fit-for-purpose than simply supporting regular expressions as commonly used.

Moreover, pattern matching using GLASS is able to use contextual information to help determine whether a match is correct, and therefore whether the data in question is sensitive. This means that, for example, you could write a pattern that locates address information but that disregards corporate addresses based on particular terms or keywords that appear near the data. This can go the other way, as well, where otherwise innocuous data can be identified as sensitive based on its context.

Once the data discovery process is finished, Enterprise Recon exposes your results as part of its dashboard, as shown in Figure 1. It also allows you to review your results and then remediate the data you’ve matched. Reviewing your data allows you to search through, filter and, if necessary, manually curate your matched data. Information on each match is displayed in detail, including samples of the matched data as well as relevant contextual data.

Remediation, on the other hand, enables you to secure the data you’ve discovered. Depending on the data source and the type of file, up to four remediation actions may be available to you: mask, quarantine, encrypt, and delete. Mask allows you to statically mask data by partially replacing it with a series of ‘x’ characters (this could more accurately be described as redaction); quarantine allows you to move data to a secure location of your choice; encrypt is self-explanatory; and delete allows you to permanently remove data from your system but, importantly, is not available for databases (which is a good thing: database administrators don’t tend to appreciate this sort of intervention). All remediation actions taken are stored in a remediation log that can be reviewed at will.

Enterprise Recon also allows you to locate all data associated with a given individual, and thereby supports data subject access requests (DSARs), which is important for complying with GDPR. Further, the product provides an open API that allows it to integrate with third party applications. It boasts particularly close integration with Data Loss Prevention (DLP) products. In addition, it supports a wide variety of data sources, including file systems, relational databases (such as MySQL, Sybase, Teradata, PostgreSQL, Oracle and DB2), MongoDB, all three major cloud providers (including S3) and SharePoint. Ground Labs also plans to release support for InterSystems Caché in Q1 2020 and SAP Hana during the second half of 2020. Given that InterSystems in particular is a major player in the healthcare industry, especially when it comes to the storing of patient service records, supporting it will be a significant advantage.

Enterprise Recon has a number of capabilities worth commenting on. For starters, it will discover an impressively wide range of data types out of the box, and therefore speak to the majority of compliance regulations that are currently active. The fact that you can define your own data types extends it to address any existing regulation, at least in principle, and allows its discovery to remain malleable in the face of changing regulations or non-regulatory requirements. It also supports a relatively wide range of data sources, including both relational and NoSQL databases, and provides remediation capabilities.

While we would normally question the completeness of discovery offered by a product that relies solely on pattern matching, Enterprise Recon escapes this criticism due to the additional, contextual capabilities powered by GLASS. Being able to leverage contextual information gathered from the attributes surrounding your data allows you, with the right matching rules, to both match sensitive data that would otherwise go unnoticed, reducing false negatives, and refrain from matching data that isn’t sensitive, reducing false positives.

In addition, Enterprise Recon provides more than just regulatory compliance, despite the clear emphasis it places upon it. Its data discovery capabilities can also be put to use to locate data that, while not covered under any regulation, may be particularly valuable to your organisation and therefore worth securing. For example, you might want to identify intellectual property buried within your system or obtained during a corporate acquisition.

The Bottom Line

Enterprise Recon is an efficient, low resource, fit-for-purpose solution for discovering data across your enterprise. If you need to get a better grip on your sensitive data – for regulatory compliance or for any other reason – it is worth evaluating.

Enterprise Recon can discover a wide range of data, coming with over 300 predefined data types that span a variety of regulations, including GDPR, PCI DSS, CCPA, HIPAA, PIPEDA, PDPA and the Australian Privacy Act. You can also create custom data types. The product’s discovery process will determine the content type of each of your files and/or records, perform appropriate decoding and transformation, then attempt to match your data against the aforementioned data types. The latter is accomplished using GLASS (‘Ground Labs Accurate Search Syntax’), Ground Labs’ bespoke pattern matching technology.

GLASS can operate across multiple architectures simultaneously, and it can match against multiple patterns concurrently. It can operate on both structured and unstructured data, and in aid of the former it features an OCR (Optical Character Recognition) engine for extracting text from images. Moreover, it uses contextual information to improve the accuracy of its matches, by either bringing in or filtering out data based on its surrounding context. This means that, for example, you could write a pattern that locates address information but that discards corporate addresses based on particular terms or keywords that appear near the data. This can go the other way, as well, where otherwise innocuous data can be identified as sensitive based on its context. GLASS also leverages checksums, function calls, and various other methods for data validation, in addition to pattern matching.

The discovery process itself is both comprehensive and has a sufficiently low footprint to run in the background, without disrupting any ongoing business processes. Once it is finished, Enterprise Recon exposes your results in a dashboard, shown in part of Figure 1. This allows you to review your results, including detailed information about each match and samples of the matched data as well as relevant contextual data. You can, if necessary, manually curate your matched data, then proceed to remediate (and thus secure) any sensitive data you’ve found.

Fig 1a - Enterprise Recon Dashboard

Fig 1b - Enterprise Recon Dashboard

Fig 1c - Enterprise Recon Dashboard

Depending on the data source and the type of file, up to four remediation actions may be available to you: mask, quarantine, encrypt, and delete. Mask (partially) replaces your data with a series of ‘x’ characters; quarantine moves the data to a secure location; encrypt is self-explanatory; and delete permanently removes it from your system. Importantly, the latter is not available for databases. This is a good thing: database admins don’t tend to appreciate that sort of intervention. Particularly sensitive information (credit card numbers, for instance) can also be discovered and masked automatically as it’s moved into the Ground Labs platform. In addition, all remediation actions are logged.

Various other capabilities are available, including data risk scoring and management, data classification, and data access management. The former, in particular, provides an additional dashboard that offers a consolidated view of risk exposure (thus enabling risk remediation). The platform also allows you to locate all data associated with a given individual, and thereby supports data subject access requests (DSARs).

Enterprise Recon has a number of capabilities worth commenting on. For starters, it will discover an impressively wide range of data types out of the box, and speaks to the majority of compliance regulations that are currently active. The fact that you can define your own data types extends it to address any existing regulation, at least in principle, and allows its discovery to remain malleable in the face of changing regulations or non-regulatory requirements. It also supports a relatively wide range of data sources, including both relational and NoSQL databases (and both structured and unstructured data), and provides remediation capabilities. In addition, DSAR support is appreciated, though in our opinion it could stand to be slightly more automated. Likewise, the product’s remediation capabilities are useful, but minimal, and its masking function in particular falls short of a full solution.

However, Enterprise Recon offers more than just regulatory compliance, despite the clear emphasis it places upon it. Its data discovery capabilities can also be put to use to locate data that, while not covered under any regulation, may be particularly valuable to your organisation and therefore worth securing. For example, you might want to identify intellectual property buried within your system or obtained during a corporate acquisition. You might also plausibly want to leverage its discovery, classification and risk management capabilities for their own sake, outside the context of sensitive data.

All that said, it is clear that GLASS is the greatest asset provided by Enterprise Recon. It’s designed to be easy to use, performant, highly accurate, and overall fit-for-purpose, and although we would like to see it support other matching techniques, it’s hard to criticise the combination of pattern matching, contextual analysis, and data validation that it provides.

The Bottom Line

Enterprise Recon is a highly fit-for-purpose solution for discovering data across your enterprise. If you need a better understanding of your data – for regulatory compliance, risk management, or for any other reason – it is well worth evaluating.