Select Page

Hey Cortana…where is my risk?

Author: Nate Latessa, President

“Hey Cortana, where is all my PII data?”

Wouldn’t be great if Cortana or Siri was content aware and could actually help you discover sensitive data at the local or enterprise level?

PII data residing outside known or protected areas is just the kind of thing that keeps the Chief Risk Officer up at night. Without data awareness, defined workflows or classification tools, files may begin to migrate away from known, safe locations (data leakage).

Today’s challenge for any organization is identifying what data they have and where it is located. This blog focuses not on data sitting in the cloud on a file share, rather data at the endpoint where many people create, work and store information.

 

$400 Million

The estimated financial loss from 700 million compromised records shows the real importance of managing data breach risks.

Verizon’s 2015 Data Breach Investigations Report shines a clear light on the potential cost of a data breach. There isn’t a single industry sector that hasn’t been affected by a data breach and as the study clearly points out breaches can be quite costly.

There are many methods and recommendations for protecting information, however the bottom line is that if you do not know where your data lives, it is difficult to build a strategy to protect it!

Heureka’s newest Interrogate release addresses the “where is my data” question and adds automated risk score and tagging functions to help you quickly identify potential risk. Searches are easily created to sweep across all installed endpoints and within minutes identify and return every file containing potential credit card or social security numbers contained within.

Risk score and tagging works for stand-alone (loose) files, email, attachments and even compressed files and folders across Windows, Mac and Linux operating systems.

Files are auto-tagged with the type of information contained within (for example Mastercard, Visa, SSN, etc) and the total amount of numbers identified within the file. The risk score is a sum of all potential risk on a file thus allowing you to sort the riskiest files to the top of the list.

When a search is complete the Interrogate user can begin making strategic decisions regarding file-level risk, location, file owner, data volume, dates, etc. To further help in this area, Interrogate allows you to easily group endpoints together to segregate acceptable from unacceptable risk for more realistic analysis and reporting. Once risky files have been identified actions can be taken to bring endpoints or file owners into compliance.

Should a breach occur, specific endpoints can be scanned and assessed for total volume and type of information contained within minutes. Our endpoint search allows you to quickly view the level of risk on any given endpoint at any point in time.

Watch for future blogs discussing workflow and new features to help with risk and compliance.