Discover Sensitive Data in Data Stores

Data continues to be a core driver for business needs and processes. As the application footprint grows, data is stored in different cloud stores and continues to grow at a rapid pace. Application stores sensitive data across structured data stores, unstructured data stores and semi-structured data stores. This makes it challenging for a Cloud Security administrator to keep up with risk and incidents on different data stores and prioritize effectively.

Prisma Cloud helps you, as a Cloud Security administrator, meet this challenge by enabling you to:

Begin your journey by enabling Data Security on your Prisma Cloud tenant to discover and classify sensitive data in unstructured data stores such as AWS S3 and Azure Blob.

1. Subscribe to Data Security

a) Log in to the Prisma Cloud console.

b) Navigate to Inventory > Data and enable Data Security.

2. Provide permissions for Data Security to scan your data stores

a) Select Cloud Security > Settings > Providers > Cloud Accounts and select the cloud account on which you want to enable Data Security.

b) Redeploy the templates and grant the additional permissions required to scan data stores.
Verify that the permissions are granted and that data ingestion is successful.

c) Select Cloud Security > Settings > Data and configure scans on specific data stores such as AWS S3 or Azure Blob.

3. Set up an integration with your monitoring tools or automation workflows

When a policy violation occurs, this integration lets you receive notifications for critical or high severity alerts generated on Prisma Cloud.

4. Take action

a) Review the evidence graph.

b) Select the Alert and the Alert ID for the evidence graph.

If the associated resource is marked with a crown jewel, the storage asset has a sensitive data finding.

c) Review all the data objects (files for S3 and Blob, and database tables).

d) Select the asset for a quick view card, then View Details to explore the Objects tab for more details.

e) Based on the data sensitivity, prioritize fixes for the attack path.

1) Discover and classify data

When you onboard the cloud account and enable Data Security scans on it, the predefined profiles (Financial Information, Healthcare, Intellectual Property, and PII) are enabled by default. You can learn more about data patterns and profiles.

2) View the data inventory of scanned data stores and prioritize fixes

a) Select Inventory > Data.

b) Click a cloud service provider to view all the data stores that were scanned.

For AWS S3 buckets and Azure Blobs, exposure, sensitivity, and malware analysis results are displayed. As a Cloud Security administrator, you can review all the misconfigurations and threats on data stores holding sensitive data and prioritize the fixes.
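The two ideas in the sections above, classifying objects against data profiles and then ranking data stores by exposure, sensitivity, and malware results, can be illustrated with a small self-contained model. The following is an added example written for this page, not Prisma Cloud's own code: the regular expressions, the Luhn check, the profile weights, the `DataStore` shape, and the sample objects are all constructed assumptions chosen to show how a pattern-based classifier with validation avoids false positives (a random 16-digit run is not reported as a card number) and how exposure and malware findings change the priority of a store.

```python
"""
Illustrative sensitive-data classification and data-store prioritization.
Constructed example for this page; the patterns, weights, sample objects and
the DataStore shape are assumptions, not Prisma Cloud's own data patterns.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# profile -> list of (pattern name, regex, validator). Constructed, not the product's real patterns.
PATTERNS = {
    "Financial Information": [
        ("credit_card", re.compile(r"\b(?:\d[ -]?){13,16}\b"),
         lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    ],
    "Healthcare": [
        ("medical_record_number", re.compile(r"\bMRN[ #:]*\d{6,10}\b"), lambda m: True),
    ],
    "PII": [
        ("us_ssn", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
         lambda m: True),
        ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), lambda m: True),
    ],
}


def classify(text: str) -> dict[str, list[str]]:
    """Return {profile: [pattern names with at least one validated hit]} for one object."""
    found: dict[str, list[str]] = {}
    for profile, rules in PATTERNS.items():
        for name, regex, valid in rules:
            if any(valid(m) for m in regex.findall(text)):
                found.setdefault(profile, []).append(name)
    return found


@dataclass
class DataStore:
    name: str
    exposure: str                 # "public" or "private", as an inventory would report it
    malware: bool                 # malware analysis result for the store
    objects: list[str] = field(default_factory=list)   # object contents (constructed)


PROFILE_WEIGHT = {"Financial Information": 3, "Healthcare": 3, "PII": 2}


def risk_score(store: DataStore) -> int:
    """Sensitivity of the store's objects, amplified by public exposure and malware."""
    profiles: set[str] = set()
    for obj in store.objects:
        profiles.update(classify(obj))
    score = sum(PROFILE_WEIGHT[p] for p in profiles)
    if store.exposure == "public":
        score *= 2                # sensitive data reachable from the internet doubles the score
    if store.malware:
        score += 4                # a malware finding raises priority even without sensitive data
    return score


def prioritize(stores: list[DataStore]) -> list[tuple[str, int]]:
    """Stores ordered highest risk first; ties broken by name for a stable report."""
    return sorted(((s.name, risk_score(s)) for s in stores), key=lambda t: (-t[1], t[0]))


# Constructed sample stores: one public bucket with card data and e-mail addresses,
# one private backup with a medical record number and a malware hit, one bucket with
# a 16-digit run that fails the Luhn check and therefore is not a finding.
SAMPLE_STORES = [
    DataStore("public-assets", "public", False,
              ["name,email,card\nAlice,alice@example.com,4111 1111 1111 1111\n"]),
    DataStore("ehr-backup", "private", True,
              ["Patient MRN 00123456 seen for follow-up; contact jdoe@example.org"]),
    DataStore("build-logs", "public", False,
              ["Build 42 finished in 13s; no secrets here.",
               "order ids: 1234 5678 9012 3456"]),
]

if __name__ == "__main__":
    for name, score in prioritize(SAMPLE_STORES):
        print(f"{score:3d}  {name}")
```

The validator step is what keeps the inventory usable: without the Luhn check every order number or build identifier of the right length would show up as Financial Information, and the prioritized list would be dominated by noise rather than by the public, sensitive stores that need fixing first.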