Data security has been in the spotlight recently. The many, many high-profile data breaches in recent years have underscored the importance of properly securing databases containing sensitive customer and intellectual property data. Recent data privacy regulations like the EU’s General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act that came into effect in 2018 have also raised the bar for data security by levying higher penalties on organizations that breach customer data.
Securing your sensitive data is relatively easy if you know where all of it is. If your employees have created unauthorized copies of sensitive data or official database backups are forgotten, this data may not be appropriately secured and may leave your organization open to a data breach. If your organization collects, stores, or processes any sensitive data (consumer personal data, intellectual property, etc.), investing in data security solutions capable of finding “invisible” data and testing its security may be what saves your organization from an expensive and embarrassing data breach.
What Is “Invisible” Data?
“Invisible” data is any data that is not being appropriately monitored and secured in accordance with your organization’s data security policy. Most organizations have some form of a “crown jewel” database, containing all the data that the organization needs in order to function. These databases are usually well-secured, with multiple protections, access controls, etc. deployed to protect them. Even after an attacker gains access to your network, it would be difficult for them to achieve the level of access necessary to breach this central database.
But what about the data not stored within the central database? Protecting against ransomware attacks and ensuring business continuity requires backups of all critical data. Where are the backups stored? Have employees made copies of the database for easier access or testing newly developed software? Knowing the answers to these questions may be the difference between an annoying intrusion and an expensive data breach.
In 2018, Reddit suffered a significant data breach. The attackers were not able to gain access to Reddit’s actual systems but compromised employee accounts on cloud storage providers used by the organization. As a result, user email addresses, password hashes from 2007, source code, and log files were compromised.
This breach underscores the importance of being aware of and protecting “invisible” data. The data backups (including the password hashes) were breached because they were stored on the cloud (none of Reddit’s actual systems were breached). Identifying and securing these rogue databases can be a crucial part of protecting your organization from a data breach.
“Invisible” data detection, protection, and prevention
Dealing with the threat posed by “invisible” data is a multi-stage process. First, you need to identify where sensitive data may be hidden within your organization. Next, any databases containing sensitive data should be scanned for vulnerabilities and secured. Finally, steps need to be taken to ensure that new copies of sensitive data are not created.
Finding the Data
Identifying locations where sensitive data is stored within your organization is crucial to preventing data breaches and ensuring regulatory compliance for your organization. Doing so manually at scale can be a challenge due to the massive amount of data stored by most organizations. A good data security tool will allow you to perform and schedule automated scans for rogue databases and automatically classify any data discovered as sensitive or not based upon keywords or pattern-matching (credit card numbers, Social Security numbers, email addresses, etc.). Once rogue databases are identified, it’s possible to take steps to secure or eliminate them.
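The pattern-matching classification described above can be sketched as follows. This is an added example, not code from any particular data security product; the column names, the keyword list, the 50% hit threshold and the sample values are all assumptions made for illustration. It adds a Luhn checksum so that arbitrary 16-digit identifiers are not reported as card numbers.

```python
import re

# Patterns, keywords and the hit threshold are assumptions chosen for this example.
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
}
KEYWORDS = ("ssn", "card", "email", "password", "dob")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_column(name: str, values: list, min_ratio: float = 0.5) -> set:
    """Label one column from its name (keywords) and sampled values (patterns)."""
    labels = {"name_keyword"} if any(k in name.lower() for k in KEYWORDS) else set()
    for label, rx in PATTERNS.items():
        hits = 0
        for v in values:
            m = rx.search(v)
            if m and (label != "credit_card" or luhn_ok(re.sub(r"\D", "", m.group()))):
                hits += 1
        if values and hits / len(values) >= min_ratio:
            labels.add(label)
    return labels

def classify_table(columns: dict) -> dict:
    """Return only the columns that received at least one sensitive-data label."""
    found = {c: classify_column(c, v) for c, v in columns.items()}
    return {c: labels for c, labels in found.items() if labels}

# Constructed sample rows, standing in for values sampled from a discovered database.
SAMPLE = {
    "contact": ["alice@example.com", "bob@example.org", "n/a"],
    "pan": ["4111 1111 1111 1111", "5500-0000-0000-0004", "4111111111111112"],
    "order_ref": ["1234567890123456", "9999888877776666", "2024000000001234"],
    "tax_id": ["078-05-1120", "219-09-9999", ""],
    "card_last4": ["1111", "0004", "1112"],
    "notes": ["call back", "shipped", "vip"],
}

if __name__ == "__main__":
    print(classify_table(SAMPLE))
```

The `order_ref` column shows why the checksum matters: its values match the card-number pattern but fail Luhn, so the column is not flagged, while `card_last4` is caught by its name alone.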
Securing the data
Just because a database is unauthorized doesn’t mean that there isn’t a good business case for retaining it. Any databases that you choose to keep need to be appropriately secured. Performing a vulnerability scan is important since it is unlikely that the owner of the database has been applying appropriate vulnerability patches. Once these vulnerabilities have been patched and the database is ready for service, scheduling automated vulnerability scans for the future is a great idea to ensure that the data remains secure.
Preventing future issues
The last step in protecting against “invisible” data and rogue databases is ensuring that new backups and copies aren’t created without being appropriately secured. Since most rogue databases come from copies of official databases, the best way of accomplishing this is monitoring these databases. Detecting an attempt to copy the database while it happens is the easiest way to prevent the creation of “invisible data”.
A good data security solution will provide you with a variety of capabilities for database monitoring. Data access monitoring will ensure that you know when someone is attempting to access your sensitive and valuable data. Risky user detection algorithms can separate normal behavior from anomalies and alert you to anything suspicious.
Protecting your invisible data
Data is valuable and an attacker who has gained access to your network is going to go for the easy targets. Rather than trying to breach the security around your “crown jewel” database, they will look for poorly secured backups and copies. These copies will have most or all of the same data and be much easier to find and steal without being noticed. To protect yourself from a costly data breach, you need to detect and secure “invisible” data within your organization and ensure that new, unsecured copies aren’t created in the future. A good data security tool can be a huge asset for this, allowing you to automate detection, vulnerability scanning, and access monitoring of all your company’s databases.