Card Data Discovery
Data discovery is the systematic identification and analysis of sensitive information such as confidential, proprietary and personally identifiable information. Once data is ‘discovered’, it can be analyzed and the organization can confirm the effectiveness of controls that support confidentiality, integrity and availability of that data. This data could encompass trade secrets and intellectual property, financial data and credit card data (i.e., track, PIN and CVV) stored in file systems, shared drives, databases and removable media.
What can data discovery do for you?
Most organizations understand where sensitive data should reside within their environment, but due to the interrelationships of business processes and dynamic data usage to support management information, operations, engineering and marketing, data tends to ‘leak’ and reside in systems, applications, databases and file shares that do not adequately protect that information from unauthorized access, modification and destruction.
Locating and protecting specific types of confidential information is a core component of a proactive security and data management process and is a key requirement within the majority of industry related standards and regulations, such as PCI and HIPAA.
ControlCase Data Discovery Services
ControlCase Data Discovery Services help our clients to find and protect sensitive information quickly and cost effectively. Our service is flexible and can be tailored to meet specific client requirements.
The ControlCase Managed Compliance Services team uses the ControlCase Data Discovery (CDD) scanner, and other leading edge tools and techniques, to help locate and analyze sensitive data within our clients’ environments. A key differentiator of our service is scan-over-scan trend analysis that demonstrates the overall effectiveness of the organization’s data management and protection initiatives. Continuous or periodic data discovery and analysis serves as a foundation of an organization’s risk management processes.
CDD finds unencrypted data in any type of file across the whole network from one central location. CDD is not constrained by file types; rather it allows us to search the whole technical environment for sensitive data. This includes databases, PDF and other standard file formats. Once data and associated IT assets have been identified, we work with our clients to determine if appropriate controls have been implemented. This may lead to remediating (i.e., implementing additional safeguards or removing the data) unprotected data, databases, applications and file shares.
All data issues that are identified are presented to the client together with an assessment of impact and recommendations for mitigation or a technical solution.
- The ControlCase Data Discovery Service reduces our clients’ level of effort for supporting a comprehensive data management and protection program.
- Our clients are able to objectively assess the effectiveness of internal data management processes within operations, engineering and marketing departments in an on-going basis.
- The ControlCase Data Discovery Service supports our clients’ ability to fine tune its data retention and disposal practices.
- Our service is designed to help client comply with industry-driven regulatory requirements and standards such as PCI DSS, ISO 27002 and HIPAA.
- Our services are enabled using the CC-GRC portal which provides our clients with the ability to closely monitor engagement progress.
ControlCase Data Discovery Services can be performed as a standalone service or can be bundled with other ControlCase Managed Compliance Services as desired.
Data discovery scanning can be a one-time project or can be scheduled to occur on a scheduled or as needed basis. The service can be run remotely or locally. A number of our clients run the scanner themselves and provide the raw data to the ControlCase Managed Compliance Services team for detailed analysis.