Do you really know where your sensitive information is on your network?
Most companies know where it is supposed to be. But in the normal course of employee concerns, serving customers, generating reports, creating backups and analyzing operations, sensitive data finds its way into files on desktops, laptops, servers used for other purposes, etc. A number of regulations, such as PCI DSS, HIPAA, FERPA, SOX and Red Flags (PII), demand that sensitive information be protected. Companies also have intellectual property that must be protected.
It is impossible to protect sensitive data if you don’t know where it is.
Sensitive Data Discovery and Classification is a first step in incident response readiness planning and electronic discovery (litigation) readiness. It assists your organization in becoming both secure and compliant and helps you define the requirements for a data leak prevention strategy.
Video: Sensitive Data Discovery By Bill Dean
Our Methodology for Sensitive Data Discovery and Classification
A Sword & Shield analyst provides you with data-oriented visibility across the various database and file servers employed within your enterprise. Sword & Shield uses software tools and manual processes to assist you in attaining tighter control over confidential data through the following processes.
- Identify the sources of confidential data
- Securely profile user specified data sets
- Assign data categories and classification
- Identify copies and subsets of confidential data in enterprise file and database servers
- Mitigate risk
Our tools use a combination of data signatures, custom specified search terms, and a secure profile of your organization’s valued data to eliminate false positives and identify exports of your sensitive data to:
- Enterprise and Personal Databases
Real Success Story
A rapidly growing retailer with more than 600 storefronts processes a large number of credit card payments for services that involve private health information, so it must comply with both PCI DSS and HIPAA.
However, because much of its rapid growth came through acquisitions, its IT department had limited understanding of where PCI and PHI data were located on the enterprise network.
Sword & Shield located the sensitive information, classified the data, and reviewed and revised policies to contain the data while allowing employees to do their jobs. This was a first step toward being compliant with PCI and HIPAA. We were also able to use the information to assist the company in creating an incident response plan and a litigation readiness plan, which will reduce the overall recovery expense should the company experience a breach or find itself in litigation.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885