Netwrix Enterprise Auditor (formerly StealthAUDIT) 11.6 has been released LEARN MORE

Sensitive Data Discovery for Compliance

Blog >Sensitive Data Discovery for Compliance
Sensitive Data Discovery for Compliance
| Sujith Kumar | | 1 Comment

The industrial revolution began in the late 18th century and revolutionized the manufacturing process; in a similar manner, the digital revolution happening now is fundamentally changing the way that organizations conduct business. The Digital revolution is all about the digital transformation of how business is conducted in today’s connected world. By migrating data from paper archives to the digital world, businesses can now integrate and utilize relevant data in our day-to-day lives.  It has nothing to do with the evolution of devices, it is all about integrating and utilizing intelligent data to make better decisions. 

This data-driven way of doing business will be ever vigilant, always tracking, monitoring, listening, and watching as it continues to learn and evolve.  So what does this have to do with the data?  Data is at the heart of the digital revolution and is essentially the lifeblood of digital transformation.  Organizations are collecting and amassing data more than ever before and using it to come up with sources of competitive advantage in the marketplace.  While organizations continue to collect and use customer data to drive consistent and better customer experiences, consumers are embracing these personalized real-time engagements.

Customers expect instant gratification and access to products and services wherever they are, on any device and whatever type of connection. For instance, I use a well-known streaming service to watch my favorite shows and movies on my TV when I am home and on my iPad when I am traveling.  I like the fact that the streaming service companies provide me with a unified viewing experience across all my devices, making recommendations based on past choices.  Unlike some others, I am not worried about the company storing data about me and my habits.  However, what I am worried about is how a company is storing and protecting my personal data and keeping it safe from a data breach. 

A breach in the data collected and maintained by a streaming service may not cause much alarm due to the more benign consequence of its loss. However, unauthorized access to the data maintained by my insurance company, credit card company, and my doctor is something that should never happen. A data breach of this type of personal information can do irreparable harm. This is exactly the reason why governments across the world have stepped up and enacted laws, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act of 1996 (HIPAA) to keep everyone’s personal data safe in the digital world. This type of data is what is commonly referred to as Personally Identifiable Data (PII) or sensitive data in the industry.  Organizations can go bankrupt or face huge fines from the government if the sensitive data under their care is treated irresponsibly; this means that the companies must begin with knowing the specific type of data that is housed within the organization and where and how it is stored.

Typically, most sensitive data resided in relational databases, however, that is no longer the case.  Sensitive data can now be contained within files, which might reside on file shares, user computers, and in NoSQL datalakes.  In order to comply with privacy and industry regulations, organizations need to be able to effectively discover, classify, and understand the nature of the sensitive data across both structured and unstructured data silos.

To successfully prevent a sensitive data breach, organizations also need to know who, when, and how the sensitive data is being accessed in addition to knowing where the sensitive data resides.  It essentially comes down to knowing and categorizing the permission hierarchy to the sensitive data, both structured and unstructured. 

Structured Data

Structured data typically refers to data that is stored in relational or SQL databases. Some examples of relational databases include Oracle, SQL Server, PostgreSQL, etc., while Hadoop, MongoDB, and Couchbase are NoSQL databases.  The data in relational databases can either be normalized or denormalized while maintaining a strict structure. Data stored in NoSQL databases can either be structured, semi-structured, unstructured or a combination of all three.

Both SQL and NoSQL databases can contain sensitive data. Examples of sensitive data include PII, PCI, and HIPAA type data.  It is normal for organizations to have multiple databases with multiple tables containing sensitive data. The key requirement when it comes to sensitive data is being how to identify where and what type of sensitive data exists and how to secure it.

StealthAUDIT can scan Oracle, SQL, PostgreSQL, MySQL and MongoDB databases for sensitive data. The structured data scan engine comes with not only numerous pre-defined sensitive data search criteria but also provides support for user-defined criteria.

Unstructured Data

Unstructured data refers to sensitive data stored in a file format.  Common examples include Word documents, PDF files, JPEG files, PowerPoint files, ASCII text files, etc. These files are commonly stored on both local and cloud-based file shares. 

StealthAUDIT can scan both on-premises and cloud-based file shares, parse the files and identify and classify sensitive data. The unstructured data scan engine comes with numerous pre-defined sensitive data criteria while also supporting user-defined criteria.  Remediation actions such as restricting access and quarantining files are supported through Action Modules. To learn more about how STEALTHbits can help with your sensitive data discovery and classification needs for both structured and unstructured data sources, visit our website:

Featured Asset


  • A very nice introduction on sensitive Data discovery. In addition to enabling users to classify data, the solution should monitor users’ folders to automatically analyze and classify data the moment it is created in, moved to, or modified within the folders.

Leave a Reply

Your email address will not be published. Required fields are marked *




© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.