Blog Post
Scanning Microsoft SQL servers
Microsoft SQL servers store data in a table structure, this stored data is then organised into columns and rows within the table object. These servers can be used to store vast quantities of data that can easily be retrieved by using SQL statements. SQL is useful for database administrators to manage and organise the data, however, the administrator must specify precisely what data they are searching for. They can not be sure whether or not it is sensitive data and there is no SQL query for finding all instances of sensitive data.
Enterprise Recon has the ability to scan Microsoft SQL servers and return each and every instance of sensitive personal data from its preconfigured list of over 200 types of sensitive personal data.
Enterprise Recon has the ability to scan extremely large Microsoft SQL servers whilst still allowing employees access to them. We realised that if we attempted to scan an entire database at once, we could run the risk of locking databases administrators out of using it during the scanning process and could potentially prevent them from carrying out their duties. We addressed this issue by designing Enterprise Recon to intelligently select and scan specific chunks of the data at a time to ensure that the scans do not impact everyday use of the server.
This intelligent scanning offers two marked benefits. The first and most obvious is that are scans are carried out unobtrusively. The segmentation of scans allows the database to remain functional. The second advantage is that due to the intelligent segmenting of scans when Enterprise Recon detects large volumes of data, the software is able to scan massively scaled database servers without impacting the performance of the scans as they accurately detect sensitive data in chunks at a time.
If a specific data type is required Enterprise Recon gives you the option to generate your own custom data type profiles. This feature is extremely useful for meeting international data security standards such as PCI DSS and GDPR. If your organisation uses Microsoft SQL Server databases to store information such as employee names, addresses and bank details. These data types are available preconfigured with Enterprise Recon. But occasionally certain specific information must be found and highlighted. In instances such as this, administrators may be required to find data that is not preconfigured, the most common causes of this are often very simple to configure manually.
For example, if your organisation is posed with the challenge of performing a GDPR mandated subject access request to find and retrieve specific GDPR protected credentials for an individual. Under this EU law, organisations must be able to find and return instances of sensitive personally identifiable information upon request from the said individual. Finding and returning patterns of this data can be very difficult if they have large volumes of structured or unstructured data. Ground Labs helps organisations to overcome this challenge quickly. Enterprise Recon empowers you to find this data quickly and easily when configured to do so correctly. If you are having any issues with configuring your own data type profiles, our support team is on hand 24 hours a day, 5 days a week and will be more than happy to assist you with any problems you encounter.