Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 19)
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
See all Unit 42 Threat Research
Table of Contents
Cloud Security

What Is Data Discovery?

5 min. read
Table of Contents

Data discovery is the process of identifying and exploring data within an organization to better understand the data’s meaning and potential uses. The core processes of data discovery involve analyzing and visualizing data from various sources to identify patterns, trends, and relationships to gain insights and inform decision-making.

As it pertains to data security in the cloud, data discovery focuses on the identification, analysis, and understanding of data assets within an organization's cloud infrastructure. With the increasing complexity of application environments, data discovery becomes essential to maintaining security and compliance, as it helps organizations gain visibility into their data, uncovering its sources, storage locations, and usage patterns. Organizations can then make informed decisions when establishing proper access controls, enforce encryption, and ensure compliance with data protection regulations.

How Data Discovery Works

Data discovery plays a pivotal role in enabling organizations to grasp the nuances of their expansive datasets. Though organizations frequently wrestle with data sprawl — exacerbated by ceaseless data accumulation and an absence of visibility in their data repositories — data discovery facilitates informed decision-making. The typical data discovery process leverages data profiling, exploration, and visualization methodologies. These techniques illuminate the data’s structure, content, and quality, providing users with a fundamental understanding.

Data discovery tools get consumed by data analysts, business analysts, and other stakeholders to explore data and uncover hidden insights. These tools can include data profiling software, visualization tools, and analytics platforms that allow them to analyze data in real time. As the data flow is neverending, automated tooling is crucial for organizations to stay on top of the evolving landscape, adapting their security posture to address the change. Without automated tooling, the information gathered would become stale and ineffective, exposing the organization.

Shadow data presents a significant concern in this context. Data discovery efforts help uncover these hidden repositories, typically residing outside the official channels and overlooked due to their obscured nature. The adoption of microservices and the complex tapestry of multicloud frameworks exacerbate the challenge.

Data Discovery in the Cloud

In terms of cloud security, data discovery involves locating and examining data stored across various cloud platforms, including public, private, and hybrid clouds. It enables organizations to identify sensitive information, assess potential risks, and implement appropriate security controls. In addition to shadow data, data discovery helps uncover shadow IT resources, which may contain unprotected data or introduce vulnerabilities. Through continuous monitoring and data analysis, security teams can respond to emerging threats, adapt to changes in the threat landscape, and uphold regulatory compliance.

Data Discovery: The Key to Data Classification

Data discovery and data classification are closely intertwined processes, as both contribute to safeguarding data and ensuring compliance with data protection regulations in cloud environments.

By categorizing data based on its sensitivity and regulatory requirements, data classification allows organizations to determine the right security controls for each data asset. Data discovery facilitates classification by first locating and understanding the data. Organizations can then implement tailored security measures for each data category, ensuring that sensitive information is adequately protected.

Additionally, data discovery and classification enable organizations to maintain a proactive security posture and achieve regulatory compliance in the cloud. By continuously monitoring and analyzing data, security teams can identify potential vulnerabilities, misconfigurations, or unauthorized access to sensitive data. This empowers teams to respond to emerging threats and adapt security controls as needed, ultimately ensuring the safety and integrity of their data.

Benefits of Data Discovery

Organizations are inundated with data from many sources, heightening the complexity of understanding and accurately classifying it. It’s not merely about distinguishing between diverse data types. Organizations must grasp the intricacies of the data’s origins, interrelationships, and associated risks. Every dataset — from customer details and internal communications to proprietary algorithms — necessitates security measures based on inherent risks and value.

While correct classification is paramount to safeguarding sensitive data, the sheer volume and the evolving digital landscape amplify the challenges. The advent of remote work, multicloud strategies, and the proliferation of Internet of Things (IoT) devices further obscure the boundaries of data storage and transfer. Ensuring it has the appropriate protections is virtually impossible without understanding what data exists and its proper classification.

Better Decision-Making

Data discovery helps organizations make better, data-driven decisions by providing insights into their data. By uncovering patterns, trends, and relationships in the data, organizations can make informed decisions based on accurate and relevant information.

Maintaining Compliance

Data discovery helps identify various types of sensitive data controlled by legal or regulatory frameworks. This data may have stringent requirements for how it is protected and shared, with significant consequences if not handled properly.

Improved Data Quality

Data discovery can help identify data quality issues, such as missing or inconsistent data. By addressing these issues, organizations can improve the overall quality of their data, improving the accuracy of their decisions.

Increased Efficiency

Data discovery can help organizations save time and resources by quickly accessing the needed data. This eliminates the need for manual data exploration and analysis, which can be time-consuming and prone to errors.

Competitive Advantage

Organizations that can effectively leverage their data through data discovery have a competitive advantage over those that don’t. Organizations can stay ahead of the competition by using data to make informed decisions and identify opportunities.

Reasons for Data Discovery

Modern enterprises collect and process vast amounts of information while doing business. This data may originate from external parties such as vendors or customers, but it may also be generated throughout the course of operations. Organizations need a complete understanding of where their data resides and what is contained in it to avoid exposing themselves.

  • Data classification: Data discovery can help organizations classify their data based on sensitivity and criticality. This can help organizations apply appropriate security controls and comply with data protection regulations.
  • Access control: Data discovery can help organizations identify who has access to what data. Knowing this they can ensure that access is appropriate and in compliance with regulations.
  • Privacy compliance: Data discovery can help organizations identify personal data and ensure its protection aligns with privacy regulations such as GDPR, CCPA, and HIPAA.
  • Threat detection: Data discovery can help organizations identify potential security threats by monitoring data access and usage patterns. This can help organizations detect and respond to security incidents before they cause significant damage.
  • Audit and compliance reporting: Data discovery can help organizations generate audit reports and compliance documentation to demonstrate compliance with regulations such as PCI-DSS, SOX, and FISMA.
  • Data retention and disposal: Data discovery can help organizations identify data that has exceeded its retention period and should be disposed of in compliance with regulations.

Efficient Data Management

Manual processes for data discovery and data analysis are only sufficient for the smallest of organizations. As organizations grow, the volume of data to locate and analyze rapidly outgrows what can be discovered through manual assessment.

Automated data discovery solutions are necessary to analyze modern enterprises. Basic tools will be able to discover and analyze data in expected data storage locations such as databases and shared storage. Discovering all data organizations have stored in the cloud or shadow IT requires more advanced tooling.

Shadow IT encompasses all unknown systems and services that may be created temporarily to accomplish an IT goal but linger well beyond their intended purpose. These systems often house sensitive information yet are poorly maintained.

Cloud resources are another challenge for automated tools, as many discovery tools are designed for on-premises. Advanced discovery tools can analyze all cloud providers used by an organization to discover the locations where data resides and classify it by what it contains, allowing teams to decide if it should remain in that location or if new security controls are required to protect it.

Data Discovery FAQs

Access control for data refers to the process of defining and enforcing who can access specific data resources within an organization. It ensures that only authorized users have access to sensitive information, protecting it from unauthorized access, disclosure, modification, or destruction. Access control mechanisms include role-based access control (RBAC), attribute-based access control (ABAC), and mandatory access control (MAC). By implementing proper access control measures, organizations can maintain data security, protect intellectual property, and comply with data protection regulations.

Data sprawl refers to the growing volumes of data produced by organizations and the difficulties this creates in data managing and monitoring. As organizations collect more data and increase the amount of storage systems and data formats, it can become difficult to understand which data is stored where. Lacking this understanding can lead to increased cloud costs, inefficient data operations, and data security risks as the organization loses track of where sensitive data is stored — and consequently fails to apply adequate security measures.

To mitigate the impact of data sprawl, automated data discovery and classification solutions can be used to scan repositories and classify sensitive data. Establishing policies to deal with data access permissions can also help. Data loss prevention (DLP) tools can detect and block sensitive data leaving the organizational perimeter, while data detection and response tools offer similar functionality in public cloud deployments.

Shadow data refers to information stored or processed outside of an organization's official IT systems, often unknown to IT or security teams. This data may be created by employees using unsanctioned applications, personal devices, or cloud services for work-related tasks. Shadow data poses significant security risks as it may contain sensitive information without proper protection or governance. Identifying and managing shadow data is crucial for maintaining data security, ensuring regulatory compliance, and mitigating potential data breaches.
A data inventory is a comprehensive record of an organization's data assets, including the types of data, their locations, and the processes involved in their collection, storage, and processing. Data inventory helps organizations understand the flow of data within their systems and identify potential security risks. By maintaining a data inventory, organizations can ensure compliance with data protection regulations, manage data access controls, and implement effective data governance practices. A data inventory should include information about data ownership, classification, retention periods, and the legal basis for processing.
Data mapping is the process of creating visual representations of the relationships and flows of data within an organization's systems and processes. It helps organizations understand how data is collected, stored, processed, and shared across different systems, applications, and third parties. Data mapping is essential for complying with data protection regulations, as it enables organizations to identify potential risks, maintain data accuracy, and respond effectively to data subject rights requests. By creating a data map, organizations can optimize data management processes, implement robust security measures, and enhance data governance.
Data at rest refers to data that is stored in a persistent state — typically on a hard drive, a server, a database, or in blob storage. It's in contrast to data in motion, which is data that is actively being transmitted over an internal network or the internet.
Data in motion refers to data that is actively being transmitted or transferred over a network or through some other communication channel. This could include data being sent between devices, such as from a computer to a server or from a smartphone to a wireless router. It could also refer to data being transmitted over the internet or other networks, such as between local on-premises storage to a cloud database. Data in motion is distinct from data at rest, which is data that is stored in a persistent state.

Data in use refers to data that is actively stored in computer memory, such as RAM, CPU caches, or CPU registers. It’s not passively stored in a stable destination but moving through various systems, each of which could be vulnerable to attacks. Data in use can be a target for exfiltration attempts as it might contain sensitive information such as PCI or PII data.

To protect data in use, organizations can use encryption techniques such as end-to-end encryption (E2EE) and hardware-based approaches such as confidential computing. On the policy level, organizations should implement user authentication and authorization controls, review user permissions, and monitor file events.

Data loss prevention (DLP) can identify and alert security teams that data in use is being attacked. In public cloud deployments, this is better achieved through the use of data detection and response tools.

Data management refers to the optimal organization, storage, processing, and protection of data. This involves implementing best practices, such as data classification, access control, data quality assurance, and data lifecycle management, as well as leveraging automation, advanced analytics, and modern data management tools.

Efficient data management enables organizations to quickly access and analyze relevant information, streamline decision-making, reduce operational costs, and maintain data security and compliance.

The data lifecycle describes the stages involved in a data project — from generating the data records to interpreting the results. While definitions vary, lifecycle stages typically include:

  • Data generation
  • Collection
  • Processing
  • Storage
  • Management
  • Analysis
  • Visualization
  • Interpretation

Managing data governance, classification, and retention policies can all be seen as part of a broader data lifecycle management effort.

Data retention and disposal involve defining and implementing policies for the storage, preservation, and deletion of data in accordance with legal, regulatory, and business requirements. Data retention policies specify how long data should be stored based on its type, purpose, and associated regulatory obligations. It ensures that data is securely deleted or destroyed when it reaches the end of its retention period or is no longer required.

Proper data retention and disposal practices help organizations reduce the risk of data breaches and maintain compliance while minimizing storage costs.

Shadow IT refers to the use of technology, applications, or services within an organization without the knowledge or approval of the IT or security departments. This can include the use of unauthorized cloud services, personal devices, or software applications for work-related tasks. Shadow IT poses significant risks to data security, compliance, and overall IT governance, as it often bypasses established security controls and policies. To mitigate these risks, organizations should implement monitoring and discovery tools, enforce strict access controls, and establish clear guidelines and policies for technology usage.

Compliance in data management involves adhering to legal, regulatory, and industry-specific requirements related to the collection, storage, processing, and transfer of data. Compliance measures include implementing security controls, data classification, access control, encryption, and regular audits. Key regulations that organizations may be required to comply with include:

Threat detection in data management involves identifying and analyzing potential security threats and anomalies within an organization's data infrastructure. By monitoring data access, usage patterns, and network traffic, security teams can detect malicious activities, unauthorized access, or data exfiltration attempts.

Advanced techniques, such as machine learning and artificial intelligence, can be employed to automate threat detection, allowing for real-time analysis and response. Implementing robust threat detection mechanisms helps organizations protect sensitive data, mitigate data breaches, and maintain regulatory compliance.

Audit reporting for data compliance refers to the process of documenting and presenting evidence of an organization's adherence to data protection regulations, industry standards, and internal policies. These reports are typically generated by internal or external auditors and include assessments of data management processes, security controls, access permissions, and data handling practices.

Related Content

  • DSPM: Do You Need It?

    Discover five predominant approaches to data security, along with use cases and applications for each data security approach.

  • Protecting Data and AI in 2024: What CISOs Need to Know

    Join data security experts to find out how the latest advancements in data security can help you discover, classify, protect and govern data in cloud environments.

  • Securing the Data Landscape with DSPM and DDR

    Stay ahead of the data security risks. Learn how data security posture management (DSPM) with data detection and response (DDR) fills the security gaps to strengthen your security ...

  • The Buyer's Guide to DSPM and DDR

    Learn what to look for in a cloud data security provider and how DSPM and DDR can significantly enhance your organization's security posture.

Get the latest news, invites to events, and threat alerts