I recently interviewed Dave Ruel of Hanzo and Isaac Madan of Nightfall after their partnership announcement recently. We covered so much with regard to eDiscovery trends that we couldn’t fit it all in a single blog post. Part 1 of our interview was published Monday, here is part 2 with Dave Ruel and Isaac Madan.
In part 2 with Dave Ruel and Isaac Madan, we discussed data privacy regulations, cloud security and the biggest challenge to protecting sensitive data today.
Doug Austin: Dave, we’re seeing a “perfect storm” of organizations using so many more apps and solutions than they ever have. Yet those organizations are facing more data privacy regulations than ever as well. What can organizations do to keep sensitive data from “slipping through the cracks”?
Dave Ruel: Great question. One of the most significant issues is the ability to locate the data in the first place because data is scattered everywhere. Let’s face it; data is in the cloud. It’s on desktops, laptops and file shares. The ability to locate that information – boil the sensitive data to the surface, if you will, is critical. Because there’s a lot of hidden PII and PHI in all that information, the ability to pull data from these data sources and detect it is critical to helping to keep that data from slipping through the cracks.
DLP technology, of course, helps companies track and remediate sensitive data in real-time. As it’s going through that, we are doing something different. We collect historical data and then run it through a similar set of detectors. So, any historical data that might be out there in Slack or other data sources, we can process it through our engine and look for that sensitive content. We’re able to illuminate any of the information Nightfall detects, and we’re able to bring it to the surface to allow users to start making wise choices about what to do with the data.
Doug Austin: Isaac, recent world events are putting the security of data at a premium like never before. Yet we have more sensitive data “in the cloud” than ever. How can organizations reap the benefits of the cloud to support increasingly remote workforces while ensuring that important and sensitive data is protected?
Isaac Madan: Cloud adoption and digital transformation have been scaling rapidly even before the pandemic. With the shift to hybrid work models, organizations are increasingly seeking out cloud-native approaches to cloud data security, as the traditional solutions on the endpoint or network are no longer sufficient for coverage. As more data gets and moves to the cloud, there’s an increased need for visibility and remediation capabilities at the application layer in these cloud silos. Data loss prevention is one of the critical tools that enterprises can leverage to protect themselves from modern security risks that emerge in the cloud. Some examples are data exfiltration, data leakage and misuse, and other types of sensitive data and secrets exposure. With cloud DLP, teams can discover, classify and protect sensitive data and ensure that it’s handled safely and only present in appropriate cloud systems and silos. Data loss prevention can also help enforce a company’s data security and compliance policies in the cloud. So when policy is violated (such as sharing sensitive information incorrectly, for example), this type of activity doesn’t increase breach risk, and an organization can remediate these issues efficiently.
Doug Austin: Dave and Isaac, what do you think is the biggest challenge for organizations to protect sensitive data today?
Isaac Madan: The misuse, mishandling, and sprawl of sensitive data across the cloud. Cloud apps make it easier to collaborate and share information, including unstructured data. This growth in volume, complexity, and storage locations of sensitive data increases overhead, and the task of monitoring and sifting through these data silos is nearly impossible to do manually. That risk manifests opportunities for malicious data exfiltration or accidental data leakage, and we see the number and scale of these breaches increasing every year, costing organizations time, energy, and money to resolve. That’s what I would say is the biggest challenge for organizations protecting sensitive data today.
Dave Ruel: I think Isaac nailed it. The most significant challenge organizations face when protecting sensitive data is wrangling the vast volume of data from myriad applications stored in various locations, whether in the cloud or on desktops. It’s the new wild west! As the number of SaaS apps increases for clients, who use these applications to facilitate collaboration and operate their businesses more efficiently, the greater volumes of data stored in these applications present significant challenges to enterprises. Unfortunately, many of these applications are typically more difficult for extracting data for legal, compliance, or investigatory purposes. This issue magnifies the challenge across the board for finding sensitive information.
Another aspect to consider is how we’re becoming much more of a mobile society. We’re utilizing our own devices. It’s much more of a challenge to protect sensitive data when it’s out in the wild. It behooves all of us to look for ways to control the data that’s in flight or at rest within each of our companies. That’s the other trend and challenge that I would certainly add to what Isaac said.
Doug Austin: Great points. That’s probably one of the biggest reasons we’ve seen so many more data breaches in the past couple of years. Isaac, we think of cyber threats being from outside entities, but insider threats are just as significant a challenge for organizations today. How can organizations reduce the threats from individuals within their own organization?
Isaac Madan: Cloud-native data loss prevention and eDiscovery solutions can help teams discover, classify and protect sensitive data transmitted and stored internally by employees through their day-to-day work. That sensitive data can include PII, protected health information, credentials, secrets, and financial data. Cloud DLP tools help organizations ensure that this sensitive data is handled safely and that it is only present in the appropriate cloud systems. It also helps enforce data security policies. If a team member shares data in a way that conflicts with policy, for example, if they share data that shouldn’t be public, a DLP platform can immediately identify and automatically remediate that violation to prevent the risk of breach or downstream incident.
Hope you enjoyed part 2 with Dave Ruel and Isaac Madan! We’re not done yet! The third and final part of my interview with Dave Ruel and Isaac Madan will be published on Friday.
BTW, Hanzo and Nightfall will be conducting the webinar Drive Data Intelligence with Collaborative Data on Tuesday, May 24th at 1pm ET! For more information and to register, click here!
So, what do you think of part 2 with Dave Ruel and Isaac Madan? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclosure: Hanzo is an Educational Partner and sponsor of eDiscovery Today
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.