Oracle Cloud Infrastructure Documentation

About Data Discovery

Protecting sensitive data begins with knowing what sensitive data you have, and where it is located. Data Discovery inspects the metadata and actual data in your Oracle Cloud databases to discover sensitive data and provides comprehensive results listing the sensitive columns and related information.

Data Discovery uses sensitive types that define the kinds of data to look for. Oracle Data Safe provides over 125 predefined sensitive types that you can use to search sensitive data. The sensitive types cover personal data pertaining to identification, biographic, IT, financial, healthcare, employment, and academic information. You can also create your own sensitive types. The predefined sensitive types are organized under categories, making it easy to find and use relevant sensitive types. You tell Data Discovery what to look for, and it finds the sensitive columns that meet your criteria.

You can optionally choose to collect sample data from your target databases. Sample data can help you validate the discovered sensitive columns. You should be careful while using this feature, however, as it collects sensitive data. Only authorized people should be able to collect and see the sample data.

Data Discovery saves the discovery results as a sensitive data model (SDM). An SDM consists of discovered sensitive columns and referential relationships. You can perform incremental updates to an SDM and manually add and remove columns from an SDM.

You can use an SDM to implement other security controls, such as data masking. For example, you can define a masking policy using an SDM and use it to mask the sensitive data on target databases. See Masking Policies.

SDMs get stored in the Oracle Data Safe Library, enabling you to reuse an SDM for multiple masking policies. Users can export an SDM and import it into other Oracle Data Safe Libraries for reuse. The verification feature identifies any differences between an SDM and a selected target database.

To help you understand your sensitive data and for record keeping, Data Discovery provides a report that lists the sensitive columns and details about those columns. The sensitive columns are categorized based on their sensitive types. The report also includes the total number of sensitive tables, columns, and values discovered. A chart lets you compare the amount of sensitive data at sensitive category and sensitive type levels. You can also download this report from the Oracle Data Safe console.