As more and more customer data pours into enterprise storage coffers--whether in a data center or in the cloud--it becomes extra laborious to retrieve the right data or sets of data for a particular use case or problem to solve. Many dots often need to be connected, and quickly, to get the work done--especially if there’s a data security breach involved.
It would sure help if all of this could be automated. Oh, wait: That’s exactly what Dataguise does.
Fremont, Calif.-based Dataguise, a provider since 2007 of personal data management software, came out Aug. 26 with a new patent-pending method of projecting unique data counts that enables organizations to report the impact of a data breach faster and more accurately than it has in the past. This self-described “industry-first” capability is included in the latest release of the company’s personal data discovery and protection software, the purpose of which is to help organizations manage risk and costs as they store and use continually multiplying data.
Most organizations are now required by law to accurately report the impact of a high-risk data breach and notify affected individuals without undue delay. The European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018, requires reporting within 72 hours (three days) of becoming aware of a breach. Dataguise claims to be able to extrapolate the number of unique data elements in a data set quickly, with greater than 90% accuracy, using a patent-pending approach based on neural network technologies.
For example, there may be 50,000 instances of the same credit card number in a set of data. With little time or ability to assess each and every data element within the 72-hour compliance window, most organizations would report that as 50,000 records breached—a gross overestimation that can increase costs related to incident response, remediation, and regulatory penalties. It can also create even more worried and frustrated customers, Global Technology Officer Anhad Singh told eWEEK.
“Traditionally, when the data volumes were low, the way you would solve the problems was manually, just have a bunch of people do this,” Singh said. “With a couple of clicks, you can install and configure the product; there’s not a heavy lift there. Then the inputs are basically, ‘Hey, what is my policy, which could be ‘Go find credit card numbers, email addresses, addresses, IP addresses’--maybe that’s a policy. The second dimension is: ‘Where am I doing the scans?’ It could be one database or it could be multiple different (cloud) platforms.
“Once you define that, and just hit ‘save’ and ‘execute,’ the product goes and starts scanning, or masking or encrypting--whatever kind of task you run in the product.”
Dataguise can be deployed as an on-premises solution or as a SaaS service, Singh said.
Along with the unique count projection capability, the new Dataguise product release includes the following key enhancements that streamline data security and privacy operations:
- Integration with ServiceNow’s IT Service Manager: ServiceNow users can use Dataguise seamlessly from within IT Service Manager to scan data assets, protect sensitive or personal data identified, and aggregate results with other data insights across the organization.
- Integration with Oauth2’s OpenID Connect: Dataguise can now authenticate users leveraging existing investments in this system and its processes.
- Support for advanced data retention workflows: Organizations can design workflows to automatically archive or delete data based on complex conditions such as corporate policies, user preferences, and country-specific regulations as well as other security and usability considerations.
- New risk profile reports: Organizations now have access to more visual, insight-oriented reports that improve accountability over how personal data is used and provide evidence of compliance. Reports offer insights for privacy, security, analytics, and IT operations teams, and cover a range of topics, including: consent management, employee training, processing purpose validation, classification validation, record of processing activity (ROPA), user-access and third-party risk, and readiness for cloud migration, dev/test, or analytics.
For more information, go here.