In 1961, Jaguar started producing the E-Type Series sports car. In the automobile world, the E-Type is a classic, an icon, and has been featured in the likes of Austin Powers and Mad Men. Among the many unique things about the series were its wire wheels - a beautiful mess of spokes emanating from a center hub.
The image was part of the inspiration for WireWheel, an emerging data-privacy-as-a-service startup that's entering the market. That "total mess" is something many companies are grappling with right now as they try to discover where their most sensitive information resides in order to understand the flow of data through the company, mitigate risk, and ensure regulatory compliance. It's no easy task, and there are plenty of companies in the marketplace right now offering data discovery services.
And like many other companies in the space, WireWheel has a unique approach to solving the data discovery and, by extension, assessment management issues many privacy offices face. Anyone reading data protection news recently is likely familiar with an uptick in cloud storage leaks and subsequent negative media coverage. On top of that, understanding where data is located is a big deal in helping to understand which jurisdictional obligations an organization faces — a huge help in risk mitigation.
Using a combination of machine learning, data science, and cloud computing, WireWheel is able to locate servers and data lakes anywhere in the world, as well as map where the data flows to, who has access to the data, and whether the data is encrypted or even publicly accessible.
The company's founder and CEO, Justin Antonipillai, also has a unique background in privacy and public policy. Between 2013 and 2016, Antonipillai led the U.S. negotiating team during the EU-U.S. Privacy Shield talks with the European Commission. During that time, he worked not only with the Commission, but with industry and civil society groups, EU member states, and any number of data protection authorities.
These are experiences and background knowledge he is bringing to WireWheel. He also provided Privacy Tech with a brief demo of some of WireWheel's functions and capabilities.
"After my work at the U.S. Department of Commerce, I talked with dozens of companies because me and my team figured they would need cybersecurity protections," Antonipillai explained during a phone interview with Privacy Tech. "We found, however, that when we talked with companies, they were already protected on the cybersecurity end. But, when we asked them substantively, 'Where are you storing it; where are the applications running; who are the third parties running those applications; what data was being collected and by whom?' most couldn't answer that."
And that's the first focus for WireWheel, according to Antonipillai: transparency. Once a privacy team has transparency into their data storage and flows, they can build from there and make educated, data-driven decisions.
A second prong to WireWheel's offerings involves a dynamic assessment management solution for chief privacy officers. This involves a set of assessment templates that can be crafted by the privacy office and assigned to relevant entities throughout the organization. These templates — which WireWheel refers to as enterprise crowdsourcing — can also be tracked and updated in real time, so if a DPA issues guidance that prompts the need for an additional question on internal assessments, WireWheel's technology allows for that.
"This is not pejorative," he noted. "For most CPOs we talked to, it was hard for them to understand how business applications worked. There's no common vernacular. They're not familiar with EC2, for instance, or the server architecture of the enterprise. In order for CPOs to lead and be effective, they need to engage with the organization quickly to collect relevant information."
EC2, Lambda, and RDS are just some of the cloud offerings from Amazon Web Services, for example, and each does different things: EC2 is a scalable solution for cloud computing; Lambda is a serverless computing platform; while RDS is a distributed relational database. WireWheel can reveal which type of server is being employed, as well as its geographic location, and the service can draw lines between servers to demonstrate directionally how the data is flowing.
This allows a company to see which relational databases are not encrypted, which ones are publicly accessible, and what data is located where. Some companies, he explained, may have 10,000 database instances out there, making it nearly impossible to track manually. "Say a company launches a database in the EU," Antonipillai said, "but it didn't get encrypted. We'll send them an alert."
With WireWheel, Antonipillai explained, "you can select a database, go in and pull out schemata, see what data is PII, label it, group it, and tag it." And if anyone in the company changes any of this, WireWheel can track it and alert team members.
"This brings visibility to the CPO in real time," Antonipillai said.
WireWheel is still getting off the ground, but it has capital, and its full platform is already implemented with a number of companies. The beta version of WireWheel is slated to start in March, and the company is working on adding new features. Antonipillai also noted that SaaS companies are drawn to the WireWheel suite, which, as we consider the downstream liabilities built into the EU General Data Protection Regulation, could be a real sweet spot for companies looking to hire SaaS vendors.
Antonipillai said training of staff usually only takes a couple of days, and that "CPOs get it pretty fast."
Like Jaguar's wire wheels, Antonipillai believes WireWheel can help companies make sense of the messy complexity of their data storage and flows into something understandable, and, hey, depending on whom you talk to, beautiful.