A recent breach at the Memorial Sloan-Kettering Cancer Center called attention to the fact that you can’t protect data from a breach if you don’t know what data your organization possesses. This may sound simple but many organizations do not have a good grasp on what data exists in their organization and whether that data should be protected against disclosure. This makes it difficult to detect a breach and thus, breached data persists in the wild much longer than it could if organizations had a better understanding of the data they manage.
An interesting solution, documented in Data Breach Today, is being used by Franciscan Health System (FHS) in Washington State. FHS has started using an eDiscovery tool, typically used to gather, filter, prepare and evaluate data use in litigation, to gain a big picture on the data they have on their systems. eDiscovery tools allow users to search across a large amount of data to find data of a specific type. In litigation, lawyers ask, “What data is relevant to my case?” and in information security and privacy, the question is, “what sensitive data exists in my company?” FCS and others have found another use for eDiscovery tools in the information security field. These tools are much further along on the maturity cycle than some recently developed tools. Some eDiscovery tools allow for data visualization such as the Attenex document mapper from FTI that shows a picture of the data in the system by using a series of circles of varying sizes connected together. The circles and connections picture the classifications and relationships between data.
There may be many in an organization that are creating content and some sensitive information may accidentally or intentionally be included in a document. eDiscovery software evaluates the content of files to help identify the data that may be hiding within a document and it can be used for cyber security in addition to litigation. In the case above, Memorial Sloan-Kettering Cancer Center had unencrypted patient information in a set of Microsoft PowerPoint slides that were available online. What’s worse is that the information was available for six years before it was found. An eDiscovery system could have alerted them to this data breach much sooner.