Sensitive Data Discovery
Sound data governance begins by identifying the location of sensitive data and personally identifiable information (PII) across your business. In complicated databases, the discovery process could take days, and assessing the risk even longer. The HushHush Sensitive Data Discovery Tool uses proprietary discovery and ranking algorithms based on metadata and data values. Using an expert determination process, only the statistically-most-used data values for each type are used, to maximize speed and accuracy.
The HushHush Sensitive Discovery Tool is a Windows-based desktop utility. Its purpose is to find sensitive data in databases, create workflows to de-identify discovered data, and save the metadata for auditing purposes. The tool is currently used with SQL Server and mySQL databases, both on-premises and hosted as virtual machines in the Microsoft Azure marketplace. The tool creates SSIS workflows that use SSIS data masking components to de-identify sensitive data.
The HushHush Sensitive Data Discovery tool uses Safe Harbor and other pre-defined elements as a base for the discovery model. The user is also able to add metadata to the model.
The proprietary algorithm searches in databases for metadata, data patterns, and values, and assigns a rating to the “suspected” attributes based on the presented sensitive data type. Sensitive data types include Name, Last Name, Street Address, City, State, Country, Zip, Phone, Generic Alpha Numeric ID, SSN, SIN, Credit Card, PAN, Driver License, Numeric, Date of Birth, Email, VINs.
The search is not exhaustive and if the metadata has not been properly named, it will use subsamples based on statistical “popularity” of data in the USA and Canada. To use a completely exhaustive search would be impractical in the case of large data sets.