BY Stephen Cavey | 22 March 2021
As I shared in my last blog, data discovery is an action that allows businesses to know what types of data are stored across various storage sources and detects patterns of data vary depending on the particular goals and outcomes needed from data discovery. By detecting these data patterns, organizations can then utilize that information in the decision making process that supports broader business goals.
To have a successful data discovery process, an organization needs either a complete multi-use platform or a variety of purpose driven discovery tools, which can be used to uncover all data stored on your company’s systems regardless of whether its on a server, an endpoint or a 3rd party cloud storage repository.
But what is the difference? Both platforms and tools are software products. However, tools are products with a predefined role for limited scope use, whereas a platform is more holistic and customisable which serve multiple user needs. Think of it this way. A pen can be used to write and only write, but a computer can be used to write, research, print documents and accomplish other tasks. At the end of the day however, data discovery platforms and tools are both helpful in detecting data patterns relevant to business in many contexts, and form an important part of any program that exists to ensure compliance to data security and privacy laws like GDPR and CCPA.
Data discovery tools typically serve a specific purpose in a specialized field of use. Due to their specialist design, a data discovery tool will often provide a rapid way to begin searching for specific types of data on selected platforms without consideration around deployment or longer term recurring use. The limited capability of a data discovery tool often provides benefits in the form of a simplified workflow that requires little or no training along with faster ability to extract results. A data discovery tool can typically be executed locally from an endpoint such as laptop or desktop to rapidly analyse small data sets that have been extracted or prepared from external sources.
An example of a data discovery tool is the Ground Labs Card Recon which is in wide circulation globally and most commonly used by IT administrators within smaller organizations who are in the early stages of a PCI DSS compliance journey. Card Recon is designed to achieve a very specific purpose in enabling fast discovery of cardholder data across a limited set of systems such as desktops and small servers.
It is ideal for small organizations and security assessors such as PCI QSAs for producing sample based discovery reports as part of a preliminary review when establishing a business justification for a broader compliance program. When an organization has multiple systems that need to be scanned and reviewed, or the scope of data goes beyond small data volumes to incorporate medium and large data sets (typically from 250GB to Petabytes) then it is recommended that a platform approach be considered over a tool based approach to save time and cost as the complexity and data volumes grows.
Data discovery platforms are designed to serve a variety of purposes. They can assist an organization with broad identification of multiple data sets across structured and unstructured repositories of data. They will provide an appropriate workflow to review both small and large scale result sets with an ability to take follow-up actions such as data classification or data access governance reviews. Platforms also enable definition and refinement of patterns after results have been discovered, which help analysts make insight-based decisions quicker. And finally, a data discovery platform allows you to visualize data in a simplified manner either within its own interface, or via integration with third party Business Intelligence (BI) tools and platforms. Having data in a readily accessible form for quantitative and qualitative analytics and visual analysis positions a company in a far stronger position to understand its data and reduces the likelihood of being blindsided by compliance violations or a data security breach.
As we have now established, data discovery tools are very different from data discovery platforms due to their underlying intent and the challenges they are designed to solve. In the modern era where every business has collected data to some extent, it is valuable to consider short term tactical needs vs a long term data security strategy. If you are tasked with determining the most appropriate data discovery strategy for your business, consider the following:
For comparison, our Enterprise Recon solution supports over 300 data types from 50 countries with the ability to scan structured, unstructured, on premise and cloud data repositories with a centralised multi-user workflow. External analytics and BI tools like PowerBI and Tableau can also be used to design custom dashboards and data discovery workflows to meet specific departmental needs.
A data discovery platform serves as the foundation for both data security and compliance. In the past I have mentioned the benefit of having a Chief Compliance Officer, and while that advice still stands, a modern data discovery platform has an intuitive interface that will allow users to explore and make sense of data without much training. There is often a visual component that empowers users to make important decisions quickly as well as perform analytics in real time.
The GDPR, and other laws like the CPRA, PDPA, and PCI DSS, are designed to better protect the privacy of consumers in the digital age by addressing how organizations capture and maintain personal data. In order to maintain compliance, first ask yourself if you know where all of the personal data in your company lives– if the answer is no, this is unacceptable under most compliance laws.
Use data discovery to better identify and manage data across all your systems. The right data discovery solution will not only help to identify, but also assist the ongoing management of data as well as monitor, track, and trace it. A well designed data discovery platform will also provide remediation capabilities and valuable insights (e.g. risk mapping, data access governance, and data classification) into your organization’s weaknesses.
Even the most well prepared organizations can experience a cybersecurity breach. In the case of an incident, knowing where all your data resides will help you get to the source and follow protocol appropriately.
Overall, data discovery tools and platforms deliver critical business intelligence on where data exists and generate a high return on investment based on time saved, and risk reduction achieved. Ground Labs offers its globally trusted solution, Enterprise Recon PRO, for data discovery. It is able to detect over 300 data types, it is also adaptable, which is key to the ever changing compliance and cybersecurity landscape.
If you’re ready to harness the power of your company’s data, contact one of Ground Labs’ experts today.
Share this article!
Want to keep up with all our blog posts? Subscribe to our newsletter!
As companies all around the world continue have large portions of their workforce remote, the need to keep their data safe and protected is even more critical. To help companies navigate this new reality and mitigate security risks, we are providing a 90-day complimentary version of our flagship solution—Enterprise Recon. Learn more about it here.
Please submit the form below and we’ll contact you to schedule a discovery call. Want to skip the email? Go here to schedule a meeting directly on our calendar.