Sensitive data

Sensitive information refers to private or confidential data that should be protected from unauthorized access or disclosure. This can include personal information such as social security numbers, financial information such as credit card numbers, and confidential business information. It is important to protect sensitive information because unauthorized access or disclosure can result in identity theft, financial loss, and damage to an individual's or organization's reputation. In some cases, unauthorized access or disclosure of sensitive information can also be illegal.

To protect sensitive data, it must first be defined and identified correctly. You can define your sensitive data in datatypes in Data Classification. Once the sensitive data is defined, Traceable discovers the sensitive data flowing through the various API Endpoints. Traceable provides you with a summary and an in-depth view of the sensitive data. Navigate to API Catalog → Sensitive Data.

Sensitive data summary

Traceable provides a summary of sensitive data it has observed in the selected period. For example, in the above screenshot, the sensitive data summary is for the last 3 days. As shown, Traceable has seen 29 Sensitive Data Types. These 29 sensitive Data Types are associated with 531 API Endpoints. The summary also shows the top 10 observed Data Sets for the selected period. For more information on Data Sets and Data Types, see Data Classification. The observed sensitivity of critical, high, medium, and low is the one that you assign to a dataset when you add a new dataset. 

Sensitive data details

You can view detailed information about sensitive data based on various filters. For example, in the Data Catalog tab shown in the above screenshot, you can choose to view all the sensitive data associated with a specific API. Click on the API Endpoint drop-down list and select the API Endpoint to view the associated sensitive data. You can reverse view all the API Endpoints associated with specific sensitive data by clicking on the sensitive data name. You can further navigate to the specific API Endpoint details page by clicking on an API name.

You can also click on the Endpoints tab to view detailed information with more granular filtering. For example, in the Endpoints tab, you can filter results to view sensitive data for one or more Data Sets. You can also filter sensitive data based on Data Types or select to view sensitive data exposed in a specific API Endpoint. This helps you identify if an API is exposing any unintended sensitive data. You can also view the associated risk score with the API Endpoint. By default, the Endpoints tab lists all the APIs and associated sensitive data.

Furthermore, Traceable provides a Third Party tab to view information about sensitive data flowing through third-party domains and their associated APIs. Like the Endpoints tab, you can filter sensitive data based on various attributes, such as caller service, data types, sensitivity, etc.