What enterprise tools can scan files for sensitive data?
Is there an enterprise tool available on the market to scan all the workstations on a network and find non-compliant files like mp3s and videos? I would also like to scan text-based files for sensitive data like credit card or social security numbers.
The first question is easy: There are quite a few tools out there that will let you inventory applications and files stored on enterprise workstations. Simply searching the Web for "workstation audit" will provide information about many suitable products.
The second half of your question is a bit more challenging. Searching systems for the presence of sensitive data (such as credit card numbers or SSNs) is a hot topic these days. Given the recent spate of high-profile data security breaches, organizations are keen to secure known stores of sensitive information, as well as ferret out any dangerous unknown goldmines. There are open source security tools to assist with this task, like Spider from Cornell University. The downside to any of these tools is that they're bound to have a high false-positive rate, and the only solution is spending time analyzing log files.
Learn how the PCI standard affects the storage of sensitive information.
Find out more about acceptable use policies.
This was first published in December 2006