SENSITIVE DATA DISCOVERY
SDD helps in analyzing data using keywords, regular expressions, format, and numeric data with control digits such as credit cards, national identification numbers or IBANs. SDD rules define where, what and how should sensitive data be searched for. The findings could be fine-tuned by editing or adding new rules.
The SDD process starts with defining SDD rules for selected policy items. You can define an arbitrary number of rules for a selected policy item.
Once the SDD process is executed and the results (findings) are returned, the user has the option to mark particular findings as hit or miss. Hit means that the finding corresponds to the expected policy requirement. When selecting between hit and miss the user can also use the implementation note to describe how the data in the designated field is going to be anonymized. This note will be then used by Test Data Producer role when implementing actual BizDataX workflow.
Figure 9: Managing Sensitive Data Discovery rules
Mark findings as hits or misses, add implementation notes where needed.
The final result of a SDD process is the workflow implementation report. It contains information relevant for implementers such as policies and implementation notes for each field from within the selected data sources.