Discovering Data, then Protecting It

Tizor Systems has launched a data discovery and risk assessment service as compliance continues to drive interest in the space.

Tizor Systems has launched a new consulting service to help companies discover confidential data as well as gauge and manage risks.

The company is leaning on its experience in the data activity monitoring space with the Tizor Discovery Service, an offering aimed squarely at helping businesses find sensitive data, identify risks posed by current operating procedures and develop plans to tighten those loose-ends.

The market for consulting services is driven largely by regulations such as the Payment Card Industry Data Security Standard and the Gramm-Leach-Bliley Act. Most companies are unable to address this requirement because they don't have the tools to find and classify private data, officials at Tizor said. The lack of visibility into critical data assets can equal significant risk of data theft, data breaches and unapproved data access, officials contend.

"Over the years with the proliferation of data centers, databases, applications and data; not to mention acquisitions and mergers; enterprises have data scattered all over the company," said Bill Bartow, vice president of product management at the data auditing vendor. "It's very difficult to keep track of all of the different repositories and data, let alone know what's happening to the data."

A recent report from Symantec, which last June launched its Foundation IT Risk Assessment service, found that 26 percent of the 405 IT professionals surveyed expect a regulatory non-compliance incident at least once a year. The study also examined 85 security and availability incidents and found 53 percent came down to a failure of processes.

"On one side, the bigger impact on IT performance is training and awareness, but on the other side, it tends to be the least implemented control by many organizations out there," said Samir Kapuria, managing director of Symantec Advisory Services.

As part of Tizor's service, consultants work with client companies to develop remediation plans after issuing a risk assessment report. The findings include an overall risk score, as well as risk profiles for all users and applications that access the sensitive data. But the core of the service revolves around finding the sensitive data and determining how it is being used. To do that, the company leverages its own Mantra data monitoring technology.

"This is the first time that we've offered a service like the Discovery Service. However, we have provided database auditing and security consulting to our customers for several years," Bartow said.

"As a matter of fact, it was during customer engagements that we uncovered the need for a discovery service. Our customers were struggling to get a better handle on where their data was located and how it was being used."