Voltage SecureData Discovery lineage
Carries the Voltage classification depth Voltage Security built over two decades. Pattern-plus-context classification reduces noise compared to pattern-only DLP discovery.
OpenText • Data management
OpenText Core Data Discovery and Risk Insights
Core Data Discovery and Risk Insights inventories regulated data across structured and unstructured stores, scores risk per repository, and gives compliance teams a single picture of where regulated PII, PHI, PCI, and proprietary data actually lives.
Through Merito, Core Data Discovery is connected to the customer's actual data fabric across databases, file shares, SaaS apps, and cloud storage, with the classifier policy tuned for context (not pattern alone) and the risk-scoring output routed into compliance and downstream remediation workflows.
- Best for
- Compliance leaders building data inventory for GDPR, HIPAA, PCI DSS, and CCPA, Data privacy officers running data-protection-impact assessments, Data security architects designing tokenization and FPE policy
- Hosting
- SaaS
- Time to value
- First data store scanned in days. Classification policy tuned and risk-scoring live in two to four weeks. Enterprise rollout across the data fabric typically runs three to six months.
- Security posture
- GDPR, HIPAA-aligned design, SAML SSO
- Last reviewed
- 2026-04-26
What it is
OpenText Core Data Discovery and Risk Insights in the enterprise stack
Core Data Discovery and Risk Insights carries the Voltage SecureData Discovery lineage. It scans structured stores (databases, data warehouses, lakehouses), unstructured stores (file shares, SharePoint, OneDrive, Box, Google Drive), and SaaS data sources, classifies content for regulated patterns (PII, PHI, PCI, proprietary identifiers), and scores risk per repository so the compliance team gets a usable inventory rather than a database dump.
The classification engine is the load-bearing capability. Pattern matching alone produces too much noise (every numeric string of the right length is not a credit card number). Voltage's classifier combines pattern matching with context analysis (is the field labeled in a way that suggests sensitive data, is it stored alongside other sensitive fields, does the access pattern suggest regulated use) so the inventory reflects actual regulated data rather than every regex match. Programs running pattern-only DLP discovery generate noise that the compliance team eventually ignores.
Risk scoring per repository is the prioritization signal. Not every repository is equally critical: a production CRM database with millions of customer records is a different risk than a developer's test database with synthetic data. Core Data Discovery scores per repository based on data volume, sensitivity, access patterns, and exposure surface so the compliance team triages high-risk repositories first. The output feeds Data Privacy and Protection Foundation (the Voltage SecureData lineage) for downstream tokenization and FPE protection.
What derails Data Discovery adoption is incomplete coverage. The product needs connectors to every store the program cares about, and programs that scan only the easy half (production databases, SharePoint) miss the hard half (third-party SaaS, shadow IT, cloud storage buckets that nobody catalogued). Merito's engagement starts with data-fabric inventory: where is the regulated data, what stores need to be in scope, and which connectors need to be deployed. Without that, the inventory looks complete and is not.
Ideal use cases
- Regulated data inventory for GDPR, HIPAA, PCI DSS, CCPA, and sector-specific mandates
- Risk scoring per repository for prioritization across the data fabric
- Sourcing classifications for downstream Voltage SecureData tokenization and FPE
- Data-fabric coverage including structured, unstructured, and SaaS sources
- Migrating off ad-hoc DLP discovery onto a productized risk-scoring engine
What it is best at
Where OpenText Core Data Discovery and Risk Insights earns its seat
Coverage across structured, unstructured, and SaaS
Databases, data warehouses, lakehouses, file shares, SharePoint, OneDrive, Box, Google Drive, plus SaaS data sources. Programs stop stitching together specialist tools per data type.
Risk scoring per repository
Scores by data volume, sensitivity, access patterns, and exposure surface. Programs triage high-risk repositories first instead of treating the inventory as flat.
Native handoff to Data Privacy and Protection Foundation
Discovery output feeds the Voltage SecureData lineage product for tokenization, FPE, and key management on classified data.
Compliance-ready evidence
Audit-ready reports for GDPR, HIPAA, PCI DSS, and CCPA. Programs subject to regulated data audits get the inventory and risk-scoring evidence in standard formats.
Core capabilities
OpenText Core Data Discovery and Risk Insights capabilities, grouped by outcome
Discovery and classification
Where the noise reduction comes from on real data inventories.
Pattern-plus-context classification
Combines regex patterns with context analysis (field labels, neighboring fields, access patterns). Reduces noise compared to pattern-only DLP discovery.
Structured store coverage
Databases (Oracle, SQL Server, PostgreSQL, MySQL, DB2), data warehouses (Snowflake, Redshift, BigQuery), and lakehouses (Databricks).
Unstructured store coverage
File shares, SharePoint, OneDrive, Box, Google Drive, S3, Azure Blob, GCS.
SaaS data source coverage
Salesforce, ServiceNow, HR systems, marketing automation, and other SaaS sources where regulated data accumulates.
Risk scoring and prioritization
Turning raw classification into a triage queue compliance can work.
Per-repository risk scoring
Scores by data volume, sensitivity, access patterns, exposure surface, and historical incident shape.
Configurable risk thresholds
Different thresholds for different data classes (PHI vs. PCI vs. proprietary). Programs avoid treating the inventory as flat.
Trend reporting
Risk-score evolution over time as remediation progresses. Programs measure whether the data-protection program is actually reducing exposure.
Compliance and integration
Discovery output flowing into the rest of the data security stack.
Handoff to Voltage SecureData (Data Privacy and Protection Foundation)
Classified data flows into tokenization and FPE protection policy.
GRC and compliance reporting
Audit-ready reports for GDPR, HIPAA, PCI DSS, CCPA, and sector mandates.
DLP and SIEM integration
Risk-scoring data flowed into DLP enforcement and SIEM correlation.
Data-protection-impact assessment evidence
Inventory and risk data formatted for DPIA and PIA documentation.
Where it fits in the stack
How OpenText Core Data Discovery and Risk Insights connects to the rest of your landscape
OpenText Cybersecurity (native)
Native- OpenText Data Privacy and Protection FoundationDiscovery output feeds tokenization and FPE policy on classified data.
- OpenText Structured Data ManagerDiscovery feeds masking and lifecycle management on regulated database content.
- OpenText Data Access GovernanceDiscovery feeds unstructured-data permission review.
- OpenText Core Threat Detection and ResponseRisk-scoring data informs SOC detection on regulated data exposure.
Data store ecosystems (certified)
Certified- Oracle, SQL Server, PostgreSQL, MySQL, DB2Native database connectors with read-only scanning permission.
- Snowflake, Redshift, BigQuery, DatabricksData warehouse and lakehouse coverage.
- SharePoint, OneDrive, Box, Google Drive, S3, Azure Blob, GCSUnstructured store and cloud storage coverage.
- Salesforce, ServiceNow, HR systems, marketing automationSaaS data source coverage.
Custom integrations
Custom- Internal data stores and proprietary systemsAPI and JDBC connectors for non-standard data stores.
- Custom GRC and DPIA reportingData inventory and risk data flowed into internal GRC and DPIA platforms.
- Custom DLP and SIEM integrationRisk-scoring data flowed into DLP enforcement and SIEM correlation.
Deployment and implementation
How it rolls out
- Hosting
- SaaS (North America, EMEA, APJ)
- Implementation complexity
- High
- Typical time to value
- First data store scanned in days. Classification policy tuned and risk-scoring live in two to four weeks. Enterprise rollout across the data fabric typically runs three to six months.
- Prerequisites
- Data-fabric inventory (databases, file shares, SaaS sources in scope)
- Connector access credentials and read permissions
- Named data privacy or compliance owner
- Classification-policy framework drafted (which patterns count, which contexts qualify)
- Risk-scoring threshold targets per data class
- What Merito usually handles
- Core Data Discovery and Risk Insights runs as SaaS. Merito handles data-fabric mapping, connector deployment, classification-policy tuning, risk-scoring threshold design, and downstream handoff to Data Privacy and Protection Foundation.
Licensing and packaging
How it is bought
- Model
- Subscription
- What to expect
- OpenText Core Data Discovery and Risk Insights is SaaS-licensed by data volume scanned, repository count, and connector scope. Pricing depends on the data-fabric breadth in scope. License acquisition flows through Merito; the data-protection program is scoped under a separate engagement.
- Editions and modules
Core Data Discovery and Risk Insights
Standard SaaS edition with structured, unstructured, and SaaS-source coverage.
Best for: Programs building regulated data inventory and risk-scoring at enterprise scale.
Core Data Discovery with Data Privacy and Protection Foundation
Bundled with Voltage SecureData (Data Privacy and Protection Foundation) for discovery-plus-tokenization governance.
Best for: Programs running discovery and protection together.
- Common expansion areas
- Add Data Privacy and Protection Foundation for tokenization and FPE on classified data
- Add Structured Data Manager for database lifecycle and masking
- Add Data Access Governance for unstructured-data permission review
- Layer Core Threat Detection and Response for SOC correlation on regulated data exposure
Merito services
How Merito helps you win with OpenText Core Data Discovery and Risk Insights
Merito sells licenses and the delivery work around them. Pick the service that matches where you are in the lifecycle.
01
Core Data Discovery Implementation
Data-fabric mapping, connector deployment, classification-policy tuning, risk-scoring threshold design.
Explore service02MAPS Assessment
Data-protection program scoping for Core Data Discovery alongside BigID, Securiti, and Spirion.
Explore service03DevOps Consulting
Discovery output integrated with downstream Voltage SecureData protection.
Explore service04Premium Support
Named engineer, priority SLAs, and release-time coverage for Core Data Discovery.
Explore service05Managed Services
Long-term run support including connector maintenance, classification-policy tuning, and risk-scoring evolution.
Explore service06Training and Enablement
Role-based training for compliance leaders, data privacy officers, and data security architects.
Explore service07Staff Augmentation
Merito-placed data security engineers and OpenText specialists embedded on long-running programs.
Explore serviceOpenText Core Data Discovery licensing
License the discovery engine. Map the data fabric. Same engagement.
Core Data Discovery pricing arrives with data-fabric mapping, connector deployment, classification-policy tuning, and the downstream handoff to Voltage SecureData that turn discovery into a working data-protection program rather than a regex-match noise generator.
Merito point of view
Pattern matching alone is not data discovery. Context is.
Merito has audited data-discovery programs that ran regex against every database column and produced inventories with millions of false-positive matches. The compliance team eventually ignored the output. Voltage's classifier combines pattern matching with context (field labels, neighboring fields, access patterns) so the inventory reflects actual regulated data rather than every numeric string. Pattern-only discovery is noise; context-aware discovery is signal.
Merito recommends Core Data Discovery and Risk Insights specifically when programs need rigorous regulated data inventory across structured, unstructured, and SaaS sources, and when downstream protection through Voltage SecureData (Data Privacy and Protection Foundation) is in scope. For programs picking specialist data discovery breadth across modern SaaS, BigID is often stronger; for programs picking database activity monitoring, Imperva is often stronger. Merito surfaces those alternatives honestly.
Connector coverage is the operational point of failure. Programs that scan only the easy half of the data fabric and skip third-party SaaS, shadow IT, or unmanaged cloud storage produce inventories that look complete and are not. Merito treats data-fabric mapping as central work in the implementation rather than a checkbox.
What buyers usually underestimate
- Running pattern-only discovery without context analysis, generating false-positive volumes the compliance team ignores.
- Scanning only the easy half of the data fabric (databases, SharePoint) and skipping SaaS and cloud storage.
- Adopting Core Data Discovery without downstream Voltage SecureData protection, leaving classifications without a remediation path.
- Treating the inventory as flat rather than risk-scored per repository.
- Failing to grandfather existing exposures, generating noise on data the program already knows about.
Related from Merito
Continue exploring OpenText Core Data Discovery and Risk Insights on Merito
Related solutions
Related services
Related products
- OpenText Data Privacy and Protection FoundationVoltage SecureData tokenization and FPE on classified data from Discovery.
- OpenText Structured Data ManagerDatabase lifecycle and masking on regulated database content.
- OpenText Data Access GovernanceUnstructured-data permission management feeding off discovery output.
- OpenText Core Threat Detection and ResponseSOC correlation on regulated data exposure events.
- OpenText Cybersecurity (vendor portfolio)Full OpenText Cybersecurity catalog across AppSec, IAM, SecOps, Data Security, and DFIR.
Frequently Asked Questions
OpenText Core Data Discovery and Risk Insights FAQs
Consultation request
Talk to Merito about OpenText Core Data Discovery and Risk Insights
Share your data-fabric posture, regulated data classes, and compliance landscape. A Merito OpenText specialist follows up within one business day.
Voltage lineage
Pattern-plus-context classification
Reduces noise compared to pattern-only DLP discovery. Programs get a usable inventory rather than millions of false positives.
Native handoff
Discovery feeds Voltage SecureData
Classifications feed tokenization and FPE policy. Discovery without protection is classifications without a remediation path.
Next step
Map the data fabric before scanning the easy half.
A Merito Core Data Discovery engagement starts with data-fabric mapping and classification-policy design. Programs that scan only databases miss the third-party SaaS and shadow IT.