Data breaches are being reported in the news on an almost daily basis. And with new compliance regulations, like GDPR, being introduced on a regular basis, discovering and classifying data is becoming an increasingly important task for organizations of all types and sizes. But data classification is hard to do and often does not happen reliably, especially if it’s left to business users. Classification needs to be done automatically and should include a discovery piece to find sensitive data, so you can make sure that all sensitive data is protected.
Here are some sensitive data discovery tools that can help you comply with regulations and avoid damaging data loss events.
Windows Server File Classification Infrastructure (FCI)
File Classification Infrastructure (FCI) was introduced in Windows Server 2008 R2 to help organizations classify the data stored on their Windows file servers. Part of File Server Resource Manager (FSRM), it enables system administrators to establish rules for automatically classifying files based on different criteria, such as location and content, and then taking actions like moving data to a specified location or encrypting it.
Files can be classified automatically by using Windows Search to crawl file shares and classify files based on properties and rules. Users can also manually classify files in File Explorer, or you can give users access to Microsoft Office templates that already contain embedded classification metadata. A Windows PowerShell classifier module gives access to the FCI API so that files can be classified programmatically. Files retain their classification provided they are stored on a New Technology File System (NTFS) volume. But Microsoft Office files always retain classification metadata because it is embedded directly in the files.
While FCI doesn’t require any additional licensing or client software and classification properties can be centrally managed in Active Directory, rules must be set on each file server individually. Additionally, reporting isn’t centralized, so reports must be generated separately for each file server.
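The following is an added example, not code from the original article or from Microsoft. It sketches how one content-based FCI rule can be pushed to several file servers with the FSRM PowerShell cmdlets, since rules are otherwise set per server. The server names, share path, property name and regular expression are hypothetical placeholders, and each server is assumed to have the File Server Resource Manager role and PowerShell remoting enabled.

```powershell
# Added example: deploy one content-based classification rule to several file servers.
# Server names, share path, property name and regex are hypothetical placeholders.
$servers = 'FS01', 'FS02'

$deployRule = {
    Import-Module FileServerResourceManager

    # Create a local classification property once per server.
    if (-not (Get-FsrmClassificationPropertyDefinition -Name 'ContainsPII' -ErrorAction SilentlyContinue)) {
        $values = @(
            New-FsrmClassificationPropertyValue -Name 'Yes' -Description 'PII-like pattern found'
            New-FsrmClassificationPropertyValue -Name 'No'  -Description 'No PII-like pattern found'
        )
        New-FsrmClassificationPropertyDefinition -Name 'ContainsPII' -Type SingleChoice -PossibleValue $values
    }

    # Rule: any file under the share whose content matches the pattern
    # at least once is tagged ContainsPII = Yes.
    if (-not (Get-FsrmClassificationRule -Name 'Flag SSN-like strings' -ErrorAction SilentlyContinue)) {
        $rule = @{
            Name                    = 'Flag SSN-like strings'
            Property                = 'ContainsPII'
            PropertyValue           = 'Yes'
            Namespace               = @('D:\Shares')          # location criterion
            ClassificationMechanism = 'Content Classifier'    # content criterion
            Parameters              = @('RegularExpressionEx=Min=1;Expr=\b\d{3}-\d{2}-\d{4}\b')
            ReevaluateProperty      = 'Overwrite'
        }
        New-FsrmClassificationRule @rule
    }

    # Run classification now instead of waiting for the configured schedule.
    Start-FsrmClassification
}

# Rules are stored per server, so the same script block is run on each one.
Invoke-Command -ComputerName $servers -ScriptBlock $deployRule
```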
Azure Information Protection
Azure Information Protection (AIP) is a cloud-based solution that enables organizations to classify data by applying labels. Optionally, AIP can also be used for data protection. AIP uses Azure Rights Management Services (RMS) to protect the data that it discovers and classifies in the cloud, Windows Server, Exchange, and SharePoint, whether that data is at rest or moving over a network. Policy-driven intelligent content categorization analyzes data and its context in real time. Data classification can be automated, or users can classify data manually. AIP also works with Exchange Online to encrypt email that can be read by recipients outside of your organization.
Labels are used to decide whether data should be encrypted and what rights users have; for instance, you could decide that users are not allowed to print data or forward it by email to external users. Data owners can track activity to learn what actions have been performed on their data, and have the ability to withdraw data access rights. Users can also attach labels to documents directly in Office. Organizations that want to use AIP without FCI can install the AIP scanner to automatically classify and protect local files.
Centralized reporting for AIP is currently in preview, and reports are available from the Azure management portal dashboard. Usage reports enable you to view which labels are being applied to documents and how many documents are being protected. The activity logs show more specific data about which users were doing what, including direct access to the labeled documents. Finally, data discovery reports show which files are in your scanned repositories, which files are labeled and protected, their location by label, and which files contain sensitive information by category, like financial or personally identifiable information (PII).
In addition to a free version with extremely limited functionality, you can choose a paid version of AIP; the price depends on how advanced the functionality you need is.
Netwrix Auditor – Data Discovery and Classification Edition
The Data Discovery and Classification edition of Netwrix Auditor is designed to find and classify the sensitive data on your file servers, Office 365 and SharePoint. This data discovery software solution is easy to set up and manage: It comes with eight taxonomies with hundreds of classification rules out of the box; you can also customize or create your own data classification rules to match your organization’s needs, provide for future regulations, and comply with best practices. The search engine enables you to quickly find data containing information about a specific person to satisfy data subject access requests.
The product also offers comprehensive reporting on file servers. Netwrix Auditor gives you great insight into the location of sensitive data, the content, who has access and who is using it. Files and folders can be categorized by regulation. For instance, you can run a report that provides an overview of all locations that contain data regulated by PCI DSS or GDPR, along with how much data is in each location. With this clear intelligence, you can decide how to best protect your data to minimize the risk of a data breach and prioritize which locations should be protected first. The reports even show who owns each sensitive file so you can work with stakeholders to secure their data properly. NTFS permissions can also be displayed so you can check that access rights are applied appropriately. Moreover, reporting is available not just for Windows file servers, but also for EMC and NetApp storage systems.
In the event of a security incident, Netwrix Auditor enables you to quickly see who viewed, accessed and modified your data. This is one of the key advantages of the Netwrix software: Because it’s part of an auditing platform, the classification and data discovery piece integrates with other features, enabling organizations to remediate issues and provide the information required during an audit more easily than other solutions can.