As companies seek to streamline compliance across multiple jurisdictions, they are also looking for proactive solutions that minimize friction in remediating whatever legal issues they may be hung up on. BigID aims to offer such compliance efficiency with the newest additions to its existing platform, Data Activity Monitoring and the Compliance Dashboard.
Both tools focus on helping enterprise-scale customers with two major compliance challenges: Effective access control monitoring for stored personal data, and compliance monitoring, management and remediation across legal frameworks.
The monitoring tool offers real-time monitoring of potentially suspicious or malicious activity in both structured and unstructured databases. According to BigID, the tool tracks data access activity to help identify potential insider threats before a data breach can occur, while improving data ownership accountability.
"With Data Activity Monitoring, we're redefining the level of control and visibility organizations have over their data," BigID CEO Dimitri Sirota said in a statement. "Data Activity Monitoring goes beyond detection, providing near real-time insights necessary to help prevent data breaches, support compliance, and empower security teams to make informed decisions."
BigID Chief Marketing Officer Sarah Hospelhorn said one possible use case for Data Activity Monitoring would be enabling privacy teams to be proactive in limiting former employees' access to company databases upon their departure from the company.
"Some products tend to be more reactive, but with Data Activity Monitoring teams are able to identify potential risks, like stale permissions," Hospelhorn told the IAPP. "It helps teams get a jump start on data minimization and risk management."
Hospelhorn said Data Activity Monitoring offers recommendations generated by a foundational artificial intelligence model developed by BigID that will empower customers to take action to remediate potential data breach risks. She said the AI-generated recommendations enable privacy teams to automate corrective actions to minimize risk.
"Whether you're doing data rights requests, privacy impact requests, you want those dots to be connected,” Hospelhorn said. "If you're addressing data life cycle management, (companies may have) all have these retention policies, but not necessarily a good way of executing on them. So, Data Activity Monitoring connects those dots and makes it easier for privacy compliance and security teams to perform their jobs more consistently, while cutting through some of those manual processes."
The Compliance Dashboard helps customers streamline their compliance monitoring and remediate gaps in their internal controls across multiple frameworks, such as the U.S. National Institute of Standards and Technology's Privacy Framework, Center for Internet Security's Critical Security Controls and the Payment Card Industry's Security Standards.
"Organizations today need more than compliance visibility — they need actionable insights and seamless remediation capabilities to navigate the complexities of modern regulatory frameworks," Sirota said in a statement. "The Compliance Dashboard provides a transformative way for security teams to help meet compliance requirements and actively improve their security posture, reduce risks, and accelerate compliance processes."
Hospelhorn said a common issue facing multinational companies is that while they may have a solid grasp of each jurisdiction's legal requirements, tailoring their internal controls to the specifications of each privacy framework mandated by the given jurisdiction for each data inventory can ultimately prove to be complex. For instance, she said some data privacy frameworks have different definitions of what constitutes "sensitive data," and in response, the Compliance Platform aims to flag where the company may have gaps in its controls.
"I think companies are consistently saying, 'Yes, I understand the policy, but how do I take action?'" Hospelhorn said. "So, I think it matters less about the actual framework and more about some of the specific controls companies employ that are common across all of those frameworks."
Hospelhorn indicated the dashboard allows customers to proactively monitor their compliance across different frameworks on a single interface, enabling them to view their standing "regardless where they are on their compliance journey" with respect to each one's specifications. Additionally, it provides customers a unified view of their compliance posture across data sources, whether they are in a cloud environment or on-premises, according to the company.
"The Compliance Dashboard will help you automatically assess where you are based on those frameworks, and then alert you to anything that's failing so you can get ahead of (the issue)," Hospelhorn said. "It can also recommend the next steps you may want to take for compliance with that specific framework."
Alex LaCasse is a staff writer at the IAPP.