Security audits are an essential part of a database administrator’s (DBA) responsibilities, especially when it comes to compliance with regulations like General Data Protection Regulation (GDPR) and Payment Card Information (PCI). One of the key challenges faced by auditors is determining the location of sensitive data and ensuring its proper classification. To address this issue, Microsoft introduced Data Discovery and Classification, a feature that helps identify and categorize sensitive data within SQL Server databases.
While Data Discovery and Classification is a valuable tool, it may not meet the specific needs of every organization. To provide a more tailored solution, Redgate has developed the ‘SQL Data Catalog’, a tool that allows users to add classification information to columns within a database. This information can then be used to categorize data according to specific requirements and generate reports for auditors.
When using the SQL Data Catalog, the initial view shows a summary of the classified data at the server level. This summary is represented by a ‘donut’ chart, with each color indicating a different classification status. By drilling down into the summary, users can view the classification status for each user database on the server.
The SQL Data Catalog also provides classification suggestions based on column names and recognized words or abbreviations. These suggestions can be accepted or modified to suit the organization’s needs. To facilitate the classification process, users can create a taxonomy that defines the ‘Information Type’ and ‘Sensitivity Label’ for each column. The taxonomy can be customized by adding additional tags and specifying whether a column can have multiple values.
Assigning classifications to columns can be done individually or in bulk using the extensive search functionality within the SQL Data Catalog. Once classifications have been assigned, the tool provides a visual representation of the ratio of classified to unclassified data, allowing users to track their progress.
In addition to its user-friendly interface, the SQL Data Catalog offers several options for managing larger tasks. It provides an extensive PowerShell library and a RESTful API for automation and integration with other systems.
Exporting information from the SQL Data Catalog is possible through a CSV file, but the true power lies in the central database created by the tool. This database enables organizations to generate detailed reports on data sensitivity, regulations, and types across their server estate. For example, a Power BI report can be created to visualize the breakdown of data sensitivity and drill down to specific databases.
As an Early Access Program (EAP) participant, I have had the opportunity to explore the ongoing development of the SQL Data Catalog. Redgate is continuously enhancing the tool’s security features, auditing capabilities, and other areas to provide a comprehensive solution for data discovery and classification.
Aside from its primary purpose, the SQL Data Catalog has additional benefits. It allows DBAs to gain a deeper understanding of the databases in their domain, identifying areas for improvement in terms of data types, table structures, and relationships. The tool also helps uncover gaps in documentation and flag columns that require further research.
In conclusion, the SQL Data Catalog is a valuable addition to the Redgate collection. Categorizing and tracking sensitive data is crucial for compliance and avoiding severe penalties. With its intuitive interface, customizable taxonomy, and reporting capabilities, the SQL Data Catalog simplifies the process of data discovery and classification, making it an essential tool for DBAs and organizations.
For further information, you can refer to the following resources: