First, the easy part:
Identity Finder, a company focused on helping organizations reduce the risks they face when it comes to the leakage of sensitive data, is rebranding as Spirion. At the same time, it has named Dr. Jo Webber as its new CEO.
Webber, who previously headed up Energy Solutions International among, comes on board at a good time for the company. It has seen 250 percent growth in customer adoption across many different verticals. That customer growth is fueled in part by concerns around recent high-profile cases of data leakage from retail, health, insurance and other sources. These leaks have meant that both boards and CEOs are increasingly putting huge pressure on CIOs to ensure data is safe.
+ Also on Network World: Study reveals security gap in big data projects +
This is where Identity Finder comes in. The company’s Data Platform promises to find all sensitive data—anywhere, anytime and in any format—on endpoints, servers, fileshares, databases and in the cloud with practically zero false positives. The software then eliminates and prevents sensitive data sprawl by reducing the sensitive data footprint and by operationalizing data protection policies and controls to meet a broad range of compliance requirements—from PCI to PII to HIPAA and beyond.
That all pretty much makes sense, but today, perhaps in an effort to further fill its sales funnel with nervous organizations, Identity Finder is releasing a new audit it claims to have undertaken across its three largest enterprise sites: a large multinational manufacturer, a leading healthcare technology company and a major university.
According to the company, the audit discovered that “if left unchecked, every legitimate piece of sensitive data will create up to 1,000 unnecessary copies. What’s more, the company found that if left unmanaged, for every legitimate user of sensitive data, up to 100 additional users will have access to it.”
The company's solution
Not being averse to a bit of incredibly blunt positioning of its own product, the company quickly identifies the solution for these alleged security risk vectors:
“To eliminate the risks associated with data proliferation, it’s important to first identify 100 percent of an organization’s sensitive data. Then start taking control by automatically classifying it according to your rules and policies,” said Webber. “Your solution should be able to remove extra, unneeded copies; stop additional spread at the time of creation; and apply appropriate controls and protection over needed copies. And monitoring and managing sharing should be able to be handled internally and integrate with a gateway DLP solution to leverage classification and stop external over-sharing and leaks.”
I’m not going to argue with the metrics of Identity Finder’s audit. I don’t have the raw data, so am not able to. I do have to say that I raised my eyebrows somewhat when I read of the huge numbers of potential document copies that could exist.
I also choked a little at some of the language in the release, which had a tendency towards panic-inducing. Given that the assessments are based on before and after audits of the implementation of Spirion’s Data Platform, it is always somewhat questionable to conflate findings to broader assessments.
The audit notwithstanding, there is something in the optics of this announcement that doesn’t sit well with me. There is a little too much use of FUD as a direct driver of product sales for my liking here. Perhaps that is a case of being a little naïve about the realities of the technology industry, but I’ve read a lot of these reports in the past and prefer when they’re written in a more general way.
Overall, the fact is risks do exist for organizations that don’t consider the danger of unconstrained data sharing and spread. But that is as much a case of cultural issues as it is technological ones, and this report would be helped by recognition of that fact.
This article is published as part of the IDG Contributor Network. Want to Join?