Remediation of Sensitive Data
Media attention and "brand events" catch the eye of business executives and heighten awareness and understanding of the importance of managing sensitive data. Regulatory and compliance requirements reinforce the need for automated solutions that can manage your sensitive data footprint.
Discovering and classifying sensitive data (knowing what and where it is) are the initial steps for managing sensitive data. These steps are designed and executed based on a classification matrix, which is a deliverable from a risk assessment (stay tuned for the next article). The results from discovering and classifying sensitive data define the status of your current sensitive data footprint. The business value of these steps is that they provide accurate information for estimating the resources required to manage that data.
The "payoff" or Return On Investment (ROI) comes from automating what can and should be done with the sensitive data to protect the customers and organization. This is the next step in the journey to managing your sensitive data footprint. It is referred to as remediation.
Many organizations are doing some form of remediation in manual and/or siloed processes depending on individual management decisions and/or requirements. As with all enterprise-wide initiatives (like sensitive data management), the most value is derived from a standard centralized management approach that provides automated remediation in a single place (tool) and integrates with existing processes and tooling.
Remediation can take on many forms, some more destructive than others. Each organization will have to define the remediation requirements for each data classification. In general, the basic types of remediation include:
- Quarantine - Move the data to a safe (encrypted) location and leave behind a "breadcrumb" file to notify relevant personnel as required.
- Shred - Destroy the data/file. This is unrecoverable.
- Redact - For image files; replace sensitive data references with characters, leaving the remainder of the file/data intact.
- Execute some type of automation - Run a script or program to perform whatever integration or other automation is required.
- Modify file permissions - Protect the file/data.
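
To make the quarantine and file-permission actions concrete, here is an added example (not code from any particular product) that maps a classification label to a remediation action. The `POLICY` labels, function names and breadcrumb wording are hypothetical, and the vault directory is assumed to sit on an encrypted volume on a POSIX system.

```python
import os
import shutil
import uuid
from pathlib import Path

# Hypothetical classification matrix: label -> remediation action.
POLICY = {"restricted": "quarantine", "internal": "restrict_permissions"}


def quarantine(path: Path, vault: Path) -> Path:
    """Move the file into the vault and leave a breadcrumb where it was."""
    vault.mkdir(parents=True, exist_ok=True)
    os.chmod(vault, 0o700)                  # vault accessible by owner only
    ref = uuid.uuid4().hex                  # avoids name collisions in the vault
    dest = vault / f"{ref}_{path.name}"
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o600)
    # The breadcrumb carries a reference id, not the vault location.
    crumb = path.with_name(path.name + ".quarantined.txt")
    crumb.write_text(
        f"'{path.name}' was quarantined under the sensitive data policy.\n"
        f"Reference: {ref}. Contact the security team to request access.\n"
    )
    return dest


def restrict_permissions(path: Path) -> Path:
    """Limit the file to owner read/write (POSIX mode bits)."""
    os.chmod(path, 0o600)
    return path


def remediate(path: Path, classification: str, vault: Path):
    """Apply the action the matrix assigns; unknown labels are left untouched."""
    action = POLICY.get(classification)
    if action == "quarantine":
        return action, quarantine(path, vault)
    if action == "restrict_permissions":
        return action, restrict_permissions(path)
    return "none", path
```

Files with a label that is not in the matrix are returned unchanged so they can go to manual review rather than being remediated by default.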
Most organizations start out with educating users and enlisting their support to help with the classification and remediation processes. When the sensitive data footprint reaches a level where the manual processes are not meeting requirements, automated remediation is "turned on" and "tuned" until the desired state is reached.