IBM Security23
Q3: How do I find my sensitive data in the first place, so I can start protecting it?
Luis Casco-Arias
there are several methods, but first you have to define what is sensitive/critical to the org
Leslie Wiggins
A3: Finding sensitive data is an ongoing activity -- not once and done (because data is dynamic, distributed and in demand .. and moving all the time)
Andy Land
A3: Need a concerted effort by your team and some automation. Lots of great tools including @IBMSecurity Guardium.
Luis Casco-Arias
Once categories are defined, then you could use organizational memory or automatic discovery tools
Leslie Wiggins
A3: Finding sensitive data manually is impractical - error prone, expensive and time consuming
Datapipe
If you're using an MSP, they should provide analytics or have monitoring/scanning services to help you locate sensitive data. Otherwise there are third-party tools to help. But it's important to maintain use. This is an ongoing battle.
Cindy Compert,CIPT/M
a3 a Privacy Impact Assessment is a good place to start + lots of tools
Leslie Wiggins
A3: It's important to have automated discovery and classification - across all repositories where sensitive data lurks (DB, apps, big data, etc)
IBM Security
Also, check out our ebook on #InsiderThreat to learn more: ibm.co/1RDWloF
Andy Land
@LeslieW66749952 So key is using tools built for the job.
John Martin
One has to identify all assets, which have value and then assess them.
Luis Casco-Arias
right... it is not enough to discover once... since data moves and changes all the time.
Kevin G. Joseph
It is so important not to have dozens of security products that don't talk to each other. When investing in security, businesses need to look for a comprehensive security program that increases visibility and integrates seamlessly.
Cindy Compert,CIPT/M
a3 Don't forget data in flight that is never stored! big trend in #cognitive
Leslie Wiggins
You are right John, That's where automated discovery and classification comes into play.
Luis Casco-Arias
besides is not enough just to find the data, but also who has access, how they access... the idea is to identify risk and do something to reduce it.
Andy Land
@CCBigData Privacy is a big consideration when taking on classifying sensitive data.
Luis Casco-Arias
a strategy for classification is also important... you do not want to boil the ocean
Leslie Wiggins
Last question was just posted, as we are going to start wrapping up.
Navroop Mitter
not only is once and done not the right approach, value is often created by combining distinct pieces of data in distinct repositories. We have to start looking at what value may come if different pieces of information are brought together.
Leslie Wiggins
Please respond to the question, and then join us for Part II in this discussion
Leslie Wiggins
On 1/28 at 2pm est!