Data Sensitivity

Data sensitivity indicates whether the data in an asset is sensitive. Data is considered sensitive when the asset contains, for example:

  • Credentials, such as private keys or secret access keys

  • Financial information, such as credit card numbers or bank account numbers

  • Sensitive personal information, such as health insurance or medical identification numbers

The risk score considers the data sensitivity of your assets and defines each of them as:

  • Sensitive - The asset contains sensitive data.

  • Not sensitive - The asset does not contain sensitive data.

  • None - CloudGuard cannot calculate the data sensitivity of the asset based on the available information.

CloudGuard assigns one of these Data Classification categories to each asset:

  • PII (Personally Identifiable Information)

  • PCI (Payment Card Industry)

  • PHI (Protected Health Information)

  • Credentials

  • Other

The table below shows the sources that CloudGuard uses for the data sensitivity classification.

| Data Security Posture Management (DSPM) Provider | Platform | Asset Type | Sources for Data Classification |
|---|---|---|---|
| AWS Macie | AWS | S3 bucket | CloudGuard uses the sensitivity score calculated by Amazon Macie to find the data sensitivity of the S3 bucket. |
| Microsoft Purview | Azure | Storage Account, Cosmos DB, MySQLDBFlexibleServer, SQL Server | For each Microsoft Purview account that you connect to CloudGuard, you must grant a Data Reader role in Root Collection to the App Registration that you created during CloudGuard onboarding. |
| Cyera | Azure | Storage Account, Storage Blob Container, SQL Server, Cosmos DB, MySQLDBFlexible Server, PostgreSQLFlexibleServer, Virtual Machine, SQL Managed Instance, Cache for Redis | Create a Cyera integration in the CloudGuard Integration Hub. See Classifying Assets with Cyera. |
| Sentra | AWS | S3 Bucket, RDS, DynamoDB Table, Redshift, EC2 Instance | Create a Sentra integration in the CloudGuard Integration Hub. See Classifying Assets with Sentra. |
| Sentra | Azure | Storage Account, SQL Server, PostgreSQL, PostgreSQL FlexibleServer, Cosmos DB, Virtual Machine | Create a Sentra integration in the CloudGuard Integration Hub. See Classifying Assets with Sentra. |
| Sentra | GCP | Cloud Storage Bucket | Create a Sentra integration in the CloudGuard Integration Hub. See Classifying Assets with Sentra. |