First of all, every security project begins with understanding the data that needs protecting: determining where data is coming from and how it is stored; plus who has access and how the company needs to deploy that data.
Only then — when you have a complete understanding of the data — can you protect it while maintaining its viability for the business. You can do this because you feel fairly confident you know where your sensitive data is. For example, in protecting a database, it is standard to identify the location of sensitive data by the column names.
As it turns out, though, more than 70% of your sensitive data isn’t in those places, after all. Most of it is stored in undocumented and hard-to-find locations such as complex columns, free text fields, and temporary tables.
How do you secure what you don’t know exists? Click here to download the full document.