Data drives value, but also risk

Do you have a grasp of all the sensitive data within your organization and where it is? Data is certainly a source of value. Its potential leakage, however, is also a source of reputational risk, regulatory requirements, and commercial sensitivity. An effective data governance strategy is necessary to maximize the value of data and minimize its risk.

Data governance is more challenging than ever

First, the volume of data is large and growing, especially as businesses engage customers even more with digital applications. And with a ton of data comes a significant risk of exposure, especially with unstructured data.

Second, ransomware is on the rise. Ransomware attacks carry the risk of data loss and exfiltration. According to a report from Coveware published last year, nearly 50% of ransomware events include the threat of releasing exfiltrated data in addition to encrypting it. The financial burden of exfiltrated data, as the report explains, can be essentially infinite since attackers can return for more ransom payments in the future. Furthermore, the time, cost, and potential penalties associated with ransomware attacks can be even worse than the ransom payments themselves.

Third, increased digitization and increased cyber threats are motivating governing bodies to strengthen regulations around data storage and usage. Standards like PII and PCI as well as privacy regulations like GDPR and CCPA must be addressed to avoid expensive regulatory fines. As an example, certain regulators now require organizations to let any consumer remove any record of their personal data, with penalties for those that do not. New regulatory frameworks will continue to be introduced, and organizations must have a nimble and effective data governance strategy or face the consequences.

Managing all of this requires time and resources. Both manual tagging and native auditing tools produce incomplete and inconsistent results. Common challenges include a lack of visibility into sensitive data and where it resides, as well as poor productivity due to time-consuming work.

Minimize Sensitive Data Exposure & Risk 

Rubrik Sensitive Data Discovery is a SaaS application that discovers, classifies, and reports on the types, locations, and usage of certain types of sensitive data (e.g., credit card numbers, passport numbers). With Sensitive Data Discovery, organizations can easily identify certain types of sensitive information, such as certain types of Personally Identifiable Information (PII), hiding in their unstructured data. By leveraging existing backup infrastructure, Sensitive Data Discovery delivers immediate time to value without impacting production or requiring additional IT infrastructure. Sensitive Data Discovery was built to support common policies such as GDPR, CCPA, GLBA, HIPAA, and PCI-DSS and to identify many types of PII and financial data across geographies. Additionally, Sensitive Data Discovery supports the ability to define custom analyzers.

Sensitive Data Discovery can be used both proactively, before a cyberattack, and reactively, during and after an attack. For incident preparedness, organizations can use findings from Sensitive Data Discovery to minimize data exposure and restrict open access to sensitive data. These steps can reduce the possible attack surface and an organization’s overall susceptibility to a crippling attack. For incident response, findings from Sensitive Data Discovery can inform decision making (e.g., whether to pay a ransom) and communications (e.g., to employees, customers, and authorities) and help accelerate compliance with regulations and avoid costly penalties.

We're also excited to introduce new enhancements to Rubrik Sensitive Data Discovery since our release earlier this year, namely new analyzers in several geographies across the world.

Francis Crick Institute Uses Sensitive Data Discovery to Manage Sensitive Data Risk and GDPR Compliance

Francis Crick Institute is a large biomedical research center in London. The Institute has over 1,500 scientists and staff working to understand why disease develops and to find new ways to diagnose, prevent, and treat a range of illnesses.

Before deploying Sensitive Data Discovery, Francis Crick did not have an automated solution in place to discover and classify what types of PII data it had. They used a manual approach that was very time-consuming and lacked global visibility into the entire environment.

After adopting Rubrik Sensitive Data Discovery, Francis Crick Institute used Rubrik’s predefined analyzers to scan for certain types of UK PII data. This empowered Francis Crick Institute to confirm their baseline understanding of the locations of certain types of PII data. Based on that confirmed understanding, Francis Crick Institute now continues to maintain both the macro and the micro view of their sensitive data so that they can automatically pinpoint specific locations of new files without sifting through hundreds of documents. They have been able to identify sensitive data of various types, over 50,000 files in total, to minimize their exposure risk. Moving forward, Francis Crick Institute will use Rubrik to flag any data that may be unauthorized for investigation and remediation.

