Open Raven Platform Release: Composite Data Classes - A Significant Leap Forward in Data Classification
In March, we released a powerful new feature: Composite Data Classes. This feature lets you create a data class “group” that represents your organization’s own definition of personal data / PII, personal health information, and so on. The composite can then be discovered and assessed as a single entity rather than as its individual member classes (first name, last name, address, IP address, etc.), which makes viewing, reporting on, and working with even complex data classes straightforward.
When we asked Open Raven users about their most significant data risk areas, they consistently named two types: personally identifiable information and “crown jewel” data. Losing either type in a breach or incident would likely be expensive and embarrassing. While security teams are tasked with securing and limiting access to these kinds of data, they often do not know where the data resides or what it looks like. Worse, as people across the organization work with data, they may create new combinations, joined across multiple disparate data sets, that carry their own privacy, legal, and strategic risks.
Take, for example, a large retailer whose in-store Wi-Fi access points collect network logs. Kept as two separate data sets, the list of retail locations and the Wi-Fi access logs might each be considered low risk: the former is public knowledge, and the latter cannot identify individuals on its own. Combined, however, the data is highly sensitive. Counting the mobile devices seen by each access point gives an estimate of visitors per location, and tracking that count over time shows whether stores are gaining or losing foot traffic, which is a proxy for business health. In this scenario, the security team needs to quickly identify wherever network logs and location data have been combined into a single data set and ensure that data set has the correct security posture.
Below is an example of creating a Composite Data Class to identify when network logs and location data exist in the same data set.
Composite Data Classes work just like standard data classes. Data objects (a file, a table, or any other data object) whose contents match a Composite Data Class are identified in the Data Catalog as Composite Data Findings, and composite classes can be used in rules and policies in the same way as standard ones.
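To make the co-occurrence idea concrete, here is a small Python model of composite classification, added for this post and not Open Raven's own code. The match semantics (a composite fires when enough of its member classes appear anywhere in one data object, either all of them or a minimum count), the two composite definitions, the simplified regex data classes and the sample data objects are all assumptions made for the example. It covers both the retailer scenario above (network log + location) and the organization-defined PII composite from the release description (any two of email, IP, MAC).

```python
"""Toy composite data class evaluator (illustrative, not Open Raven's implementation)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DataClass:
    """A standard data class: a name plus a regex that matches a single value."""
    name: str
    pattern: re.Pattern

    def matches(self, value: str) -> bool:
        return self.pattern.search(value) is not None


@dataclass(frozen=True)
class CompositeDataClass:
    """A group of standard data classes evaluated as one entity.

    `members` names the standard classes in the group; `min_matches` is how many
    of them must be present in a single data object before it counts as a
    composite finding (None means all of them must be present).
    """
    name: str
    members: frozenset
    min_matches: Optional[int] = None

    def is_satisfied_by(self, present: set) -> bool:
        needed = len(self.members) if self.min_matches is None else self.min_matches
        return len(self.members & present) >= needed


# Standard data classes. Patterns are deliberately simplified for the example.
IPV4 = DataClass("ipv4_address", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"))
MAC = DataClass("mac_address", re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b"))
EMAIL = DataClass("email_address", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"))
STORE_ID = DataClass("store_id", re.compile(r"\bSTORE-\d{4}\b"))
ALL_CLASSES = (IPV4, MAC, EMAIL, STORE_ID)

# Assumed composite definitions. The first is the retailer scenario: a data
# object is risky only when device identifiers and store locations co-occur.
# The second is an organization's own "personal data" definition: any two of
# the listed identifiers together are enough to treat the object as PII.
NETWORK_AND_LOCATION = CompositeDataClass(
    "network_activity_with_location", frozenset({"mac_address", "store_id"})
)
PERSONAL_DATA = CompositeDataClass(
    "personal_data",
    frozenset({"email_address", "ipv4_address", "mac_address"}),
    min_matches=2,
)
COMPOSITES = (NETWORK_AND_LOCATION, PERSONAL_DATA)


def classify(data_object: dict, classes=ALL_CLASSES) -> set:
    """Standard classification: every data class with at least one matching value
    anywhere in the object. A data object is modelled as column -> list of values."""
    return {
        dc.name
        for values in data_object.values()
        for value in values
        for dc in classes
        if dc.matches(value)
    }


def composite_findings(data_object: dict, composites=COMPOSITES, classes=ALL_CLASSES) -> list:
    """Composite classification: evaluate each group against the standard classes
    found in the object and report the satisfied groups, sorted by name."""
    present = classify(data_object, classes)
    return sorted(c.name for c in composites if c.is_satisfied_by(present))


def scan_catalog(catalog: dict, composites=COMPOSITES) -> dict:
    """Run composite classification over a catalog of named data objects."""
    return {name: composite_findings(obj, composites) for name, obj in catalog.items()}


# Constructed sample data objects (synthetic values, not real logs, stores or users).
WIFI_LOG = {
    "ts": ["2024-03-01T09:15:02Z", "2024-03-01T09:15:09Z"],
    "ap": ["AP-07", "AP-08"],
    "client_mac": ["3C:5A:B4:1E:7F:02", "A4:83:E7:9B:10:5D"],
}
STORE_LOCATIONS = {"store": ["STORE-0142", "STORE-0177"], "city": ["Austin", "Denver"]}
JOINED = {  # the risky combination: devices observed per store
    "store": ["STORE-0142", "STORE-0177"],
    "client_mac": ["3C:5A:B4:1E:7F:02", "A4:83:E7:9B:10:5D"],
}
SUPPORT_TICKETS = {"requester": ["ops@example.com"], "client_ip": ["203.0.113.9"]}
CATALOG = {
    "wifi_log": WIFI_LOG,
    "store_locations": STORE_LOCATIONS,
    "visits_by_store": JOINED,
    "support_tickets": SUPPORT_TICKETS,
}

if __name__ == "__main__":
    for name, findings in scan_catalog(CATALOG).items():
        print(f"{name}: {findings or 'no composite findings'}")
```

Neither the raw Wi-Fi log nor the store list produces a composite finding on its own; only the joined table satisfies `network_activity_with_location`, which is exactly the object a policy would want to single out. The `min_matches` threshold is what lets one composite stand in for an organization's PII definition without enumerating every permitted combination of its members.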
Other Notes
RDS snapshot scanning now supports KMS-encrypted RDS instances and secrets stored in AWS Systems Manager Parameter Store.