ControlCase Releases Free Data Discovery Tool

Share Article

ControlCase Data Discovery (CDD) identifies unencrypted cardholder data across the enterprise from one location to help organizations reduce the risk of data breach and exposure.

ControlCase, a leading supplier of IT Governance, Risk and Compliance (GRC) software solutions and managed compliance services, today announced the availability of a free downloadable data discovery tool (ControCase Data Discovery Desktop Edition FREE) which enables organizations to identify and securely remove unprotected cardholder data that may be stored on their systems. ControlCase Data Discovery (CDD) has been developed to meet risk and compliance requirements as outlined in version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS); the latest update to the standard reinforces the need for businesses to have a methodology in place for finding and securing unprotected cardholder data.

“More often than not companies have no visibility of large quantities of unprotected data that is inadvertently stored on their systems. This is a significant business risk,” said Ashwani Kaul, President, ControlCase Technologies. “Detecting and then managing this legacy data is a business imperative if companies want to comply with the PCI DSS. Once you have started using data discovery software, you have effectively reduced the cost and complexity of achieving and maintaining PCI DSS compliance. In many respects our software acts as an early warning system, as it alerts key stakeholders to the fact that unprotected data has been created on their business systems.”

CDD is available in various versions, from a FREE download that can scan local hard disk, removable drives etc on one PC, to an Enterprise version that rapidly scans the entire client network to identify unprotected and legacy data residing in file systems and commercial and open source databases. With the Enterprise version, all of the scanning is done from one place, so there is no need to duplicate the process for each individual PC or laptop.

CDD has been developed to find credit card data in common file types such as Word and Excel and in most commercial and open source databases such as Oracle, SQL Server, Sybase and MySQL. Specifically, the software will search the network and find unique PANs (primary account numbers), TRACK1 and TRACK2 (magnetic strip data on payment cards which enables cybercriminals to clone cards), CVV (card verification value) and PINs (personal identification numbers).

ControlCase has developed two versions of the software; desktop and enterprise. Key features of the enterprise version include:

  • No file type constraints, CDD searches the entire hard disk for credit and debit card data;
  • Finds credit card data in network shares;
  • Searches the entire network and active directory for credit card data from one location;
  • Finds credit card data in most popular commercial and open source databases; and
  • Extremely fast and uses very few network or CPU resources.

Frequently, businesses are unaware that compromised data resides on their systems. This is essentially due to the fact that such data is often created and stored unintentionally. For example, cardholder holder data can be replicated and not protected if a business process is updated or changed (such as modifying your backup system), or if a payment system is misconfigured, or if the data is stored on a web server, application or transaction log. This is why the latest version of the PCI DSS includes the requirements for the regular use of data discovery tools.

Ashwani Kaul concluded: “Data discovery should not be viewed as a one-time exercise. It should form part of an ongoing risk and compliance process. Compliance with PCI DSS clearly prohibits the unencrypted storage of cardholder data. Software such as CDD is no longer a nice to have for business. The reality is that cybercriminals will do anything to access cardholder data, if it’s sitting on a system unprotected then business is making the criminals’ job that much easier.”

The FREE version of the software can be downloaded from

About ControlCase

ControlCase is a global provider of software, professional services, managed services and SaaS solutions. Its offerings enable organizations to effectively manage their IT Governance, Risk Management and Compliance (IT GRC) efforts. Headquartered in the United States, with offices in Europe, India and the Middle East, ControlCase provides compliance related software and services for companies and government agencies that require a consistent and repeatable means of complying with multiple regulations.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Hugh Kominars
ControlCase LLC
(703) 483-6383
Email >
Visit website