The electronic storage of sensitive information may present a risk of inadvertent disclosure to the organization storing the information. Accordingly, organizations may review their data storage facilities for the presence of sensitive information, such as credit card or social security numbers.
When organized records of structured data storage facilities are present, organizations can conduct a review of those data storage facilities to identify the presence of sensitive information and to assess the risk of unauthorized access of the sensitive information. It has been found, however, that organizations are typically unable to conduct a review of older or unstructured data sets for the presence of sensitive information. Additionally, mainframe systems for such organizations are often in persistent use, and cannot be taken offline to identify sensitive information. Stringent restrictions on the amount of mainframe processing usage further complicate matters. Accordingly, these organizations are typically forced to assume the risk of the unauthorized access or dissemination of sensitive information.
There are guidelines, such as the Payment Card Industry Data Security Standard (PCI DSS), which may help organizations understand how to effectively discover and protect sensitive information. However, these guidelines are generally agnostic regarding the operating system where the data is stored, and mainframe systems tend to be excluded from serious consideration in automated sensitive information discovery applications.