Google is now bigger than Exxon-Mobil.
It’s hard not to see this as a tangible demonstration that data truly is the “new oil,” but privacy professionals know very well that data can be a double-edged sword—yes, when used effectively, it helps bolster an organization’s bottom line but just as significantly, it can be a liability. Hackers or rogue employees can compromise sensitive data, and depending on the territory in which you operate, certain stored data can require compliance with various regulations, which creates yet more risk.
Never has it been more important to know what data your organization has, where it’s stored, who has access to it and how it should be classified. Yet, as data creation and collection increases seemingly every day, never has that been more difficult to assess.
However, one New Hampshire-based start-up is working to mitigate these issues by offering what it calls data-aware storage.
Traditionally, data storage has been thought of as a passive piece in an organization’s data life cycle, like a container or bucket in which to place data, but DataGravity’s storage technology tracks, protects and analyzes data as it’s stored and provides organizations with an interface to help employees visualize and contextualize data. Whenever data is stored using the technology, metadata tags are placed on it to provide authorized employees with the ability to know when that data was added, transferred, processed, removed or deleted, and by whom.
“Organizations need an MRI of their data,” said DataGravity CEO Paula Long during a demonstration at the IAPP’s offices. “They need to see where their bones are broken.”
Long is no stranger to successful B2B storage-technology companies. In 2008, a company she cofounded, EqualLogic, was acquired by Dell for approximately $1.4 billion—at the time, Dell’s biggest purchase ever. Just seven years later, DataGravity has now raised $92 million in venture capital, including from the likes of such VC heavyweights as Andreessen Horowitz.
DataGravity’s current focus is on unstructured data, where a company’s biggest unknown risks may lie.
According to Long, between 60 and 80 percent of an organization’s data is unstructured. She explained that DataGravity provides a full-index tagging engine with the capability of tagging more than 400 unstructured data types, including PDFs, Microsoft Office files, spreadsheets and metadata for video. Data-aware storage combines what Long calls the key tenets of data governance, including storage visualization, file analytics, information discovery, data activity and tracking and data security all at the point of storage.
All of that allows you to monitor activity, including suspicious activity, within an organization. Say, on average, an employee reads certain documents three times a day, but, one day, that employee reads 5,000 documents. The system would identify such a trend. Hackers also tend to embed themselves within a system for months at a time, but according to Long, data-aware storage can help expose unusual actions within stored data by analyzing trends and identifying unusual activity within the data.
Since it’s capable of such monitoring, this data-aware storage system can also provide the organization with a sort of forensics report about that activity in much less time than a traditional forensics investigation.
As Long put it in a recent blog post on DataGravity’s site, “Storage must become aware of the data it’s storing. It must be able to answer questions about the data across people, content and time.”
This means helping users organize data—particularly personally identifiable information—as well as classify it and, with the help of the data provided by DataGravity's technology (when and who has used a given data point), better understand the context around it. As the IAPP’s Sam Pfeifle wrote last year, data classification is one of the thorniest issues for privacy professionals because the sensitivity of data can often depend on context. Pfeifle asked, “How does a privacy pro explain to an IT pro that data’s sensitivity needs to be determined on a case-by-case basis? Sometimes occupation and postal code in combination will not be sensitive. Sometimes that person will be the only gastroenterologist in town and be easily identifiable.”
As Long describes it, “we provide a 360-degree view of your data.” In addition to providing context and data trends, DataGravity boasts that its technology can provide users with levels of accountability and an audit trail. “We are the castle where the data lives, but we’re putting protections in the castle,” said Long. Or, in other words, data-aware storage is not just a physical solution to data storage with a software piece layered on to crawl the data, it is an integrated solution that uses the metadata created by the act of storing data to provide a more complete view for an organization and its privacy professionals.
At this point, from a privacy perspective, DataGravity’s product primarily works with unstructured data stored in its physical storage units. Long said eventually DataGravity would like to reach into cloud storage and other more structured data solutions, but, for now, the focus is on unstructured data and the midsized organizations that are often drowning in it. Long pointed out that many mid-tier companies—those with between 50 and 2,000 employees—often do not have data governance strategies, and even if they do, they often lack the resources or expertise to execute them. This technology could help such companies get up to speed quickly.
Of course, data categorization and inventory issues are common for any organization these days. Data is not only the new oil because of its value but also because of the way it has become vital to the engine that runs nearly every modern business. As more organizations search for solutions to help them comply with privacy regulations, keep customers happy and create new revenue opportunities, expect more start-ups like DataGravity to step into the spotlight.
If you want to comment on this post, you need to login.