Information systems security: preventing the leakage of sensitive information
Protect your sensitive information and prevent leaks with our information system security solution.
Securing your information system :
Our customer, one of Europe's leading private bankers, wanted to minimize the risk of leaks of sensitive information (identities, financial transactions, etc.). As this type of leak is most often due to internal malicious acts, the Information Systems Security Manager (ISSM) wanted to exhaustively identify the sensitive information present on the internal IS in order to better protect it.
This raised two questions:
1. Where exactly are all the sensitive data held by the bank stored? Which databases? Which tables? Which columns? But also which files (notably Excel files and other listings scattered across the internal network)?
2. What types of sensitive data are involved?
Tale of Data prevent data leakage from your IS
Our "Mass Data Discovery" technology automatically scans:
- All relational databases
- Shared network drives: all directories and their sub-directories were scanned for Excel, CSV, XML or JSON files.
- CRM and content management systems (e.g. Sharepoint)
Every record in every table was analyzed for sensitive data: surname, first name, addresses, e-mails, telephone numbers, bank account numbers, etc.
The results were compiled at field level (whether in a database, Excel file or CSV listing): at the end of the scan we could say, for example, that the file aaa.xlsx, located in the directory x/y/z, contains N surnames in the 3rd field of the 2nd tab.
Tale of Data's contribution to securing your information system
The data scan (= "Bottom - Up" approach) provided CISO with an exhaustive identification and location of sensitive data.
The resulting map has enabled security teams to greatly minimize the risk of data leakage:
- Tracking down queries that were previously thought to be innocuous (= any SQL query that brings up columns that are part of the list of sensitive columns established by mapping)
- By systematically checking access to network directories that they didn't previously know contained sensitive data listings
- Checking the effectiveness of anonymization procedures : cross-referencing (= Tale of Data fuzzy joins) anonymized files with a list of known customers should not normally generate any matches .
- By monitoring the risk of leaks over time, with regular scans: up to several times a day. In fact, new listings may appear on the network for a few hours just before a leak.
Stay up to date with our latest exciting articles!
Explore our solutions tailored to your specific needs
