One of the important tasks that is needed for any organization that wants to better protect their sensitive data is some sort of list of what data is sensitive. Often we might assume all data matters, in which case we embark upon projects to over protect everything. That leads to high costs, and often a decision to stop trying to over protect everything. Which means often we stop protecting some sensitive data.
The idea of a data catalog that has some metadata or information about all the data in your organization has been around for some time, but often the task is handled by a spreadsheet of some sort, filled out as a project and then forgotten, never maintained and perpetually out of date.
The early versions of a data catalog from Microsoft, and a few other companies, involved essentially a web form that filled out a spreadsheet for you. Not a good way of managing this data.
We’re giving this a try. Redgate has launched a beta of our Data Catalog utility. I’ve watched this work for almost a year now as engineers have been trying to understand the problem space and find a better way. Customers want it, and in the case of the GDPR, need it.
Our first cut integrates with other products, such as our SQL Provision, which should help you find places where you might not be in compliance with regulations such as GDPR, HIPAA, and PCI. You’ll see when a new copy of a database has data that should be masked, and you can ensure that you mask it when making copies for development and test environments.
Give it a try, and let us know what you think.