Database related technologies allow the storage of data, and some of this data may be sensitive in nature, for example, confidential information such as:
- First Name
- Last Name
- Contact details
When analyzing this type of data, CAST can tag a resulting object with a specific sensitivity level property, and this property can then be seen and exploited in CAST Imaging.
How does it work?
There are various types of sensitive data that CAST can detect during an analysis:
A list of key words (i.e. names of objects that contain sensitive data) together with their sensitivity level must be configured in a plain text file with the extension .datasensitive before the analysis is run and this file must be delivered with the source code. When a key word defined in the .datasensitive file matches an object created during an analysis, a property will be added to the object that flags it with the defined sensitivity level. This property can then be seen and exploited in CAST Imaging.
Built-in for Table Columns
The com.castsoftware.datacolumnaccess extension provides a predefined list of key words to match data sensitive table column objects. The list of key words is documented in the extension itself. The extension also supports custom key words.
GDPR and PCI-DSS specific
GDPR and PCI-DSS related data is automatically detected by CAST Console ≥ 1.26 for all supported technologies (see below) using a predefined list of key words (see Application - Overview with Fast Scan). The list of key words provided on each Node is as follows:
GDPR key words
PCI-DSS key words
Which technologies are supported for data sensitivity detection?
| Technology | Custom key words | Built-in key words | GDPR/PCI-DSS | Targeted object types | Required extension |
|---|---|---|---|---|---|
| NoSQL for Java | | | | | com.castsoftware.nosqljava (≥ 1.6.16) |
| NoSQL for .NET | | | | Collections | com.castsoftware.nosqldotnet (≥ 1.7.0) |
| SQL | | | | Table Columns | com.castsoftware.datacolumnaccess - note that this extension provides a default list of key words for data sensitive table columns, but custom key words can also be added. |
| SQL | | | | Tables | com.castsoftware.sqlanalyzer (≥ 3.6.10) - see also SQL Analyzer - RDBMS Table Sensitive Data. |
Custom key words
Define the .datasensitive file
First define the key words which will be used to identify the corresponding objects which you want to flag. To do this, you will need to create an empty text file with the extension .datasensitive (it can be named anything). You should then fill this file with your key word definitions, using the format shown below:
- one key word per line
- three levels of sensitivity - these are case sensitive and must respect the format listed below otherwise they will be ignored:
Deliver the .datasensitive file
The .datasensitive file must be delivered with your source code. It should be located as follows:

| Extension | Location of the .datasensitive file |
|---|---|
| com.castsoftware.mainframe.sensitivedata | In a dedicated folder called Database specifically for the .datasensitive file. |
| com.castsoftware.nosqljava | In the root folder alongside the source code. |
| com.castsoftware.nosqldotnet | In the root folder alongside the source code. |
| com.castsoftware.datacolumnaccess | In the root folder alongside the source code. |
| com.castsoftware.sqlanalyzer | In the root folder alongside the source code. |
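
A pre-delivery check for the placement rules in the table above, as an added example (not CAST's own tooling). The function name `check_delivery`, the empty-file check and the reading of "dedicated folder" as "contains only .datasensitive files" are assumptions.

```python
import tempfile
from pathlib import Path

# Delivery location per extension, as listed in the table above.
PLACEMENT = {
    "com.castsoftware.mainframe.sensitivedata": "Database",
    "com.castsoftware.nosqljava": "root",
    "com.castsoftware.nosqldotnet": "root",
    "com.castsoftware.datacolumnaccess": "root",
    "com.castsoftware.sqlanalyzer": "root",
}
SUFFIX = ".datasensitive"


def check_delivery(source_root, extension):
    """Return a list of placement problems (empty list = delivery looks right)."""
    root = Path(source_root).resolve()
    where = PLACEMENT[extension]
    found = sorted(p for p in root.rglob("*")
                   if p.is_file() and p.name.endswith(SUFFIX))
    if not found:
        return [f"no {SUFFIX} file under {root}"]
    problems = []
    for p in found:
        rel = p.relative_to(root).as_posix()
        if where == "root" and p.parent != root:
            problems.append(f"{rel}: expected in the root folder")
        elif where == "Database" and p.parent.name != "Database":
            problems.append(f"{rel}: expected in a folder named Database")
        elif p.stat().st_size == 0:
            # Assumption: a file with no key word definitions is a mistake.
            problems.append(f"{rel}: file is empty")
        elif where == "Database":
            # Assumption: "dedicated" means only .datasensitive files live here.
            extra = sorted(q.name for q in p.parent.iterdir()
                           if not q.name.endswith(SUFFIX))
            if extra:
                problems.append(f"{rel}: Database folder also holds {extra}")
    return problems


if __name__ == "__main__":
    # Constructed sample tree: the key word file sits in src/ instead of the root.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "src")
        src.mkdir()
        (src / "keys.datasensitive").write_text("placeholder\n")
        for line in check_delivery(tmp, "com.castsoftware.sqlanalyzer"):
            print(line)
```

Running it against the source folder before packaging catches a key word file that would otherwise be delivered in the wrong place for the chosen extension.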
Note that CAST Console does not expose the .datasensitive file in the Overview panel:
GDPR and PCI-DSS files
There is no configuration required for GDPR and PCI-DSS: CAST Console will automatically retrieve the necessary files before analysis, so you do not need to provide them (as they are standard files).
What results can we expect?
Once the analysis/snapshot generation has been completed, you can view the results in the normal manner (for example via CAST Imaging). Some examples are shown below:
Custom sensitive property
When an object name matches a key word defined in the .datasensitive file delivered with the source code:
Built-in sensitive property
These are provided by the com.castsoftware.datacolumnaccess extension for Table columns - note that CAST Imaging does not currently expose Table columns in the view interface:
GDPR sensitive property
When an object name matches a GDPR key word:
PCI-DSS sensitive property
When an object name matches a PCI-DSS key word: