What is data discovery?
Data discovery is an exercise that uses business analysis and technical, hands-on methods to locate sensitive data on your systems. It is a requirement of regulations such as GDPR, DPA; and also PCI DSS and ISO 27001 standards.
Why do you need data discovery?
Investment in a data discovery exercise is critical, to highlight areas of insecure data storage and reduce your attack footprint. Cyber thieves cannot steal what isn’t there.
- Protect your company’s profits and reputation – by avoiding financial disaster and negative publicity associated with a compromise of your data.
- Satisfy regulatory requirements – GDPR, FCA, PCI DSS, HMG and ISO 27001 demand it.
- Peace of mind – that your customer’s data is protected from cyber criminals, internal threats and malware.
- Reassurance that your valuable data – is identified; and steps are taken to secure it.
- Protection against compliance breaches – and subsequent regulatory fines and potential law suits.
- Evidence to support increased investments – in security personnel and technology.
- Independent expert assurance – that your data is adequately protected.
It is essential you choose an experienced data discovery partner provider with real-world knowledge that can help. 2-sec is a market leader trusted by hundreds of companies globally. Here’s why:
Fully accredited – We hold a range of accreditations both at a corporate and individual level including CREST , QSA, PA-QSA, Cyber Essentials Plus, IASME Gold, CHECK, CISSP, CISA, CISM, SANS-GIAC and CEH.
Access to a dedicated Customer Success Manager – We know that you’ll have a lot of questions throughout this process so you’ll have direct phone and email contact with your own go-to person.
Bespoke data discovery programme – We will develop an exercise that suits the business profile of your company no matter how big or small.
High levels of customer satisfaction and retention rates – Many of our clients have been with us since day one.
An industry leading expert in data discovery – Our highly experienced security consultants have been performing data discovery exercises and security assessments for more than two decades.
Innovative range of testing tools – If an open source or commercial tool doesn’t do the job, we write our own, using an experienced team of application security software developers. Our security testing lab comprises of some of the best security testing tools available.
We communicate clearly – Our mission is to ‘simplify security’ and we will communicate any issues or remediation recommendations in a clear and jargon-free way, understood both by your engineering and senior management teams alike.
Easy to understand reporting – We will provide you a detailed breakdown of all your results in an easily interpretable format.
Transparent proposals – With inclusive pricing so you get no unexpected surprises.
How data discovery works
We follow a four step process:
We will work together to define the business areas, data flows, critical applications, systems and networks to be included.
Hands on interactive discovery undertaken by our experienced team incorporating a wide range of discovery methodologies including data profiling, data enumeration, automated testing; and analysis of data flows.
Communication throughout the process regarding identified issues and associated remediation steps, regular progress reports, automatic critical risk reporting and a comprehensive final discovery report.
We will give you a step-by-step insight of how we discovered data on your systems; and what you can do to address this.