Spirion who provides one of the critical first step of data security and privacy through its data discovery, persistent classification, and behavior software and services, recently won two Tech Ascension Awards -- Best SecOps and Best Compliance Solution. Spirion has helped thousands of organizations across all industries worldwide have reduced their sensitive data footprint and proactively minimized the risks, costs, and reputational damage of successful cyberattacks and regulatory violations.
We sat down with Jen Holtvluwer, Chief Marketing Officer, Spirion to discuss compliance and data discovery in enterprise environments and where SecOps come into play.
Can you describe your product, its use cases, and who it is intended to serve?
Spirion enables organizations to discover and validate the location of personal and sensitive personal information in their information ecosystem and then classify and protect it according to the data protection mandates they're subject to, such as the CCPA (California Consumer Privacy Act), General Data Protection Regulation (GDPR), or even specific contracts. By providing visibility into context and purpose, we give CISOs and Data Privacy Officers a macro understanding of how data flows through their organization so that they can gain command and control over that data.
Our new Data Privacy Manager (DPM) platform provides Privacy-Grade data discovery and purposeful classification by quickly and automatically discovering, classifying, and remediating almost any form of personal data anywhere—on-premise, in the cloud, and on work-from-home or remote employee computers.
Enterprises use Data Privacy Manager as an essential first step for controlling the data sprawl, effectively shrinking and controlling their personal data footprint. DPM is used to auto-classify documents, bringing instant visibility to data-handlers and allowing tools like Data Loss Prevention (DLP) to deliver on their promise. We also help customers comply with the personal data collection, storage, utilization, and policy enforcement elements of CCPA, GDPR, and other laws and regulations.
What makes your solution different than what else is available? Why is using Spirion a better approach?
Traditional data discovery scans can be time-consuming to yield accurate results. Most methods choose to sacrifice accuracy, omit certain locations, and miss context to "complete" discovery quickly. These design choices don't result in thorough discovery as they yield false positives – or worse, false negatives, leaving gaps in location coverage. Inadequate discovery fails to provide the depth of information required to understand the data you have, resulting in the inability to comply with privacy regulations.
Data Privacy Manager's data discovery and classification provide a flexible hybrid approach with software-based agents for on-premise servers or endpoints and agentless scanning in the cloud for simplicity, scalability, and performance. Supported data locations and cloud repositories include a wide range of data locations, databases, file types, and cloud repositories.
Data Privacy Manager also addresses today's more sophisticated data privacy, regulatory and business needs by adding a layer to data classification that accounts for three critical variables: data processing, purpose, and privacy.
Data Processing - New and evolving data privacy regulations require individuals' consent for how organizations use their private data, in particular, GDPR and CCPA.
Purpose - GDPR requires organizations that process European Union citizens' personal data to clarify the purposes of collecting data. As a result, companies have to manage their data according to what purpose or purposes it serves within their organizations.
Privacy - Both GDPR and CCPA are laser-focused on data privacy. Complying with these stricter regulations requires more advanced data classification schemas.
Scale is super important to any enterprise cybersecurity solution. Describe to me how Spirion scales in enterprise environments.
Spirion has spent years fine-tuning our solution against some of the largest data stores in the world; therefore, we find what other solutions miss. We pioneered Data Privacy Manager based on what we have learned in the market and that is the need to provide optimal performance and cross-platform enterprise scalability to protect ever-growing volumes of personal and sensitive personal information across all data types and environments.
Our new Data Privacy Manager platform helps enterprises achieve Privacy-Grade data discovery and purposeful classification in a highly scalable SaaS hybrid architecture that can thoroughly scan both on-premise endpoints/servers and cloud repositories. Its advanced, Kubernetes containerized microservices software architecture ensures high levels of scalability and performance, with an intuitive and efficient cloud-hosted console for configuration and management.
How does compliance come into play? How does the Spirion solution solve complex compliance challenges?
Data discovery works together with data classification when it comes to complying with privacy regulations. Once you find personal data, you must accurately classify it to ensure proper use and access throughout the organization. Correct classification ensures you can find that data when responding to a consumer's "right to know" or "right to be forgotten" request, which is common among data privacy regulations.
Spirion provides the critical first step in a comprehensive data privacy and security program, enabling organizations to meet the requirements of new data protection laws because creating a data inventory is so fundamental to compliance. Together data discovery and classification form the bedrock of any data privacy and compliance program because you must first know where your data resides to protect it. In fact, data discovery and classification are the first two elements of our Data Privacy Management framework, which provides an end-to-end approach to personal data lifecycle management based on five fundamentals: Discover, Classify, Understand, Control, and Comply.
Only through knowing the location of your personal data and its appropriate levels of protection can you begin to enact any privacy compliance requirement.
Let's talk a bit about SecOps. SecOps is critical to the baseline security practices of app dev. How can SecOps utilize Spirion?
Increasingly, we are seeing enterprise privacy processes make their way into security operations with SecOps teams becoming more involved in privacy technology functions, such as fulfilling Data Subject Access Requests (DSAR) or responding to privacy risk. NIST's current privacy framework overlays many privacy functions onto the security group to improve enterprise risk management. The evolution from security operations (SOP) to security, privacy, and compliance operations (SPOC) seems to be a natural, if not inevitable, progression.
While data security focuses on protecting data, data privacy focuses on the usage of data. Spirion can help SecOps teams shrink and control their personal data footprint on an ongoing basis. By automating that process and only maintaining what is required, data security and data privacy become a byproduct of proper data privacy management.
Spirion Data Privacy Manager (DPM) is the foundation for strong data protection through the accurate, contextual discovery of structured and unstructured data; persistent and purposeful classification; automated, real-time risk remediation; and powerful analytics and dashboards to give security operations teams greater visibility into their most at-risk data and assets. By automatically identifying what their core personal data is, where it is stored, who has access, and when it was last used, DPM can strengthen SecOp's ability to implement appropriate controls, bolster their security position, and comply with growing data privacy regulations while reducing internal friction and improving productivity.
Where can people find out more information about Spirion?