Enterprise Recon can discover a wide range of data, coming with over 300 predefined data types that span a variety of regulations, including GDPR, PCI DSS, CCPA, HIPAA, PIPEDA, PDPA and the Australian Privacy Act. You can also create custom data types. The product’s discovery process will determine the content type of each of your files and/or records, perform appropriate decoding and transformation, then attempt to match your data against the aforementioned data types. The latter is accomplished using GLASS (‘Ground Labs Accurate Search Syntax’), Ground Labs’ bespoke pattern matching technology.
GLASS can operate across multiple architectures simultaneously, and it can match against multiple patterns concurrently. It can operate on both structured and unstructured data, and in aid of the former it features an OCR (Optical Character Recognition) engine for extracting text from images. Moreover, it uses contextual information to improve the accuracy of its matches, by either bringing in or filtering out data based on its surrounding context. This means that, for example, you could write a pattern that locates address information but that discards corporate addresses based on particular terms or keywords that appear near the data. This can go the other way, as well, where otherwise innocuous data can be identified as sensitive based on its context. GLASS also leverages checksums, function calls, and various other methods for data validation, in addition to pattern matching.
The discovery process itself is both comprehensive and has a sufficiently low footprint to run in the background, without disrupting any ongoing business processes. Once it is finished, Enterprise Recon exposes your results in a dashboard, shown in part of Figure 1. This allows you to review your results, including detailed information about each match and samples of the matched data as well as relevant contextual data. You can, if necessary, manually curate your matched data, then proceed to remediate (and thus secure) any sensitive data you’ve found.
Fig 1a - Enterprise Recon Dashboard
Fig 1b - Enterprise Recon Dashboard
Fig 1c - Enterprise Recon Dashboard
Depending on the data source and the type of file, up to four remediation actions may be available to you: mask, quarantine, encrypt, and delete. Mask (partially) replaces your data with a series of ‘x’ characters; quarantine moves the data to a secure location; encrypt is self-explanatory; and delete permanently removes it from your system. Importantly, the latter is not available for databases. This is a good thing: database admins don’t tend to appreciate that sort of intervention. Particularly sensitive information (credit card numbers, for instance) can also be discovered and masked automatically as it’s moved into the Ground Labs platform. In addition, all remediation actions are logged.
Various other capabilities are available, including data risk scoring and management, data classification, and data access management. The former, in particular, provides an additional dashboard that offers a consolidated view of risk exposure (thus enabling risk remediation). The platform also allows you to locate all data associated with a given individual, and thereby supports data subject access requests (DSARs).