Sensitive Data Intelligence Driven Privacy and Protection

At Securiti we are excited to announce the availability of our newest offering Sensitive Data Intelligence that expands our product portfolio of privacy management software to address the challenges of data governance, risk and security teams, in a single comprehensive platform.

Data has become the driving force behind the new economy, with enterprises focused on leveraging data to find new ways to deliver value to their customers and generate new revenue streams. At the same time, the amount of data is increasing at a staggering rate. An average enterprise has over 400+ different data systems, that are spread across on-premises file shares, databases, enterprise data warehouses, cloud storage solutions, SaaS applications, cloud data warehouses, cloud data lakes for machine learning based analytics, and more. This data sprawl creates multiple challenges for large organizations.

Major business initiatives and projects undertaken by organizations, while deriving significant value from the underlying data, need to consider the privacy, risk, and security implications of the huge volumes of data they collect and process. Through conversations with our partners and customers, we found some typical scenarios where they were struggling with these issues.

• Data lake projects: Companies are increasingly leveraging data science to run new types of machine-learning-based analytics on raw data combined from a variety of sources into data lakes. But visibility into the types of data present in the lake is very limited. This is significant when building self-serve models for data consumption with strong data governance and access policies.
• Cloud Data migration projects: Digital transformation initiatives by CIOs are typically cloud-driven and involve either migrating data from their on-premises to the cloud or standing up new apps and workloads in multi-cloud environments. They need to understand what personal or sensitive information is in their environment to enable go/no-go migration decisions. The flexible consumption model of the cloud makes it challenging to maintain an up-to-date inventory of the data assets, the data within the assets, and the controls on the assets.. Post-migration, organizations will need to rely on automated mechanisms to monitor and manage this data..
• Secure and Privacy-aware SDLC initiatives: In the new economy, every company, regardless of its industry vertical, is also a software company, as they build and deliver solutions and services to their customers digitally. Privacy by Design and Secure SDLC initiatives have helped raise developer awareness for privacy and security requirements early in the development process. But agile development methodologies present challenges as new data collection/storage or data leaks to application logs get introduced periodically, requiring continuous monitoring of devtest, staging, and production environments.
• Data mapping initiatives: Privacy compliance programs require businesses to maintain a record of their data processing activities. Privacy teams that have historically relied on manual questionnaires completed by data owners, are looking to evolve their processes with automated data discovery and controls given the dynamic nature of the data. This keeps their records more accurate and up-to-date.
• Data subject request fulfillment projects: B2C companies in verticals such as retail, travel, health, and financial services that serve 10’s of millions of customers are now burdened with requirements from privacy laws that grant users access rights to their requests. With the increasing number of data breaches, the volume of such access requests from users is trending up. And privacy teams, along with their IT colleagues, need to invest in automated tools that can detect and link personal data to specific identities.

Sensitive Data Intelligence

Organizations today rely on a combination of manual methods, repurposed legacy data discovery tools, and point products to address the above challenges. These have proven to be inadequate or ineffective. With Sensitive Data Intelligence, we provide our customers a single platform with the following comprehensive capabilities:

• Automated discovery of data assets across the enterprise, including on-premises, hybrid and multi-cloud environments.
• Out of the box detection of 100+ personal data attributes across over a dozen categories, including Government IDs, Device IDs, Online IDs, Finance, Legal, Medical, etc. This includes special categories of data defined by GDPR and other privacy laws.

• Data risk scoring to provide a risk-centric approach to manage the data being collected and processed. The proprietary model leverages risk factors such as data type, data location, data subject’s residency, and volume of data and can readily be extended. The solution allows customers to easily find hotspots and direct remediation efforts appropriately. Risk score trends also surface indicators of risk, such as copies of data, and cross-border transfers of data.

• Structured data analysis with insights on data types and volumes across databases, schemas, and tables.
• Unstructured data classification using machine learning based techniques into easily recognizable categories (Sales, Medical, HR, etc), types (Medical consent form, IRS tax form, etc), and formats. Additionally, organizations can define their own schemes using rules-based Content Profiles. A library of built-in profiles such as PCI, PII, PHI, GLBA, and FERPA help customers get out of the gate running.

• Labeling of files using sensitivity labels from your Microsoft Information Protection subscription. Additionally tagging with privacy related metadata such as categories of personal data, categories of subjects, and purpose.
• A policy engine to automate and orchestrate controls on the various data stores using a built-in library of policy templates mapped to regulatory citations and standard controls.

This is the beginning of our journey and we will soon be expanding the solution with additional automation that brings increased levels of efficiency to privacy, data governance, risk and security teams. Check out our brochure for more details.