Your organization is trusted with customers’ personal data
Gigabytes – and sometimes even Petabytes – of data are generated daily within a single company. Within that massive quantity of data is customers’ personal and confidential information, such as social security, credit card and bank account numbers.
This critical (and now highly regulated) data is on the move. Employees inadvertently duplicate it into cloud-based documents, downloaded files, and emails. Further, with work-from-anywhere now the norm, employees access both cloud and on-premises environments from their workstations.
Endpoints remain a major blind spot for most sensitive data discovery tools. It also remains a struggle for the information security teams to proactively track threats from employees who have access to customers’ private information. However, that’s exactly what regulatory compliance rules now mandate. As data multiplies, so do the requirements around collecting, using, and protecting other people’s sensitive information.
Protecting customer’s personal information is the law
Regulatory efforts began with the passage of Europe’s GDPR, universally considered the data privacy gold standard.
Currently, the United States has 30 states with privacy protection laws in place or in draft for debate and passage. California implemented one of the first data privacy rules, and it remains the most rigid state law on the books. As of January 1, 2023, California’s CPRA (known as CCPA 2.0), which extends protections and expectations, is now in effect.
This year, Virginia, Colorado, Pennsylvania, Connecticut, and Utah also have laws that come into effect. They regulate the usage of personal data by companies and require that they take demonstrable steps to protect it.
With that in mind, Qohash created a compliance toolset to make it faster, easier, and simpler to meet sensitive data compliance requirements.
6 ways Qohash drives compliance
BREACH IDENTIFICATION
Regulations require companies to identify and report a breach of protected data and report the extent of the breach to government agencies within 24 to 72 hours.
With Qostodian, customers quickly understand the extent of an incident and meet time requirements to provide timely notifications.
Qostodian’s objective is to provide insights to stop breaches before they occur. It monitors employee interactions with sensitive data around the clock, and includes risk indicators and benchmarking. It also generates alerts the instant risky accumulation, deletion or exfiltration of data by an employee occurs.
However, in the event a security incident does occur, customers use a unique Qostodian feature to get answers fast – the ability to search for a specific data element and instantly see its full data lineage. See the exact location where the data got out of an environment, where it ended up, and every employee and location it touched in between to speed investigations and meet notification requirements.
SENSITIVE DATA INVENTORY
Regulations require businesses to present details of personal information collection, including where it’s stored. This requires a clear map of all sensitive data.
Qostodian shines a light on dark data. Find sensitive data anywhere, 50x faster.
Lightning-fast Qostodian provides a complete inventory of sensitive, unstructured data at rest. It discovers sensitive data significantly faster than alternatives, across any data source, in any location.
Qostodian provides labelling, classification, custom RegEx and keyword searches, plus ranked and contextualized risk – all for a single fee based on the number of employees. No upsells, SQL server costs, or ongoing PS time needed.
DATA DELETION REQUESTS
Regulations require the disposal of customer information after a defined number of years, or at the request of the customer.
Qostodian makes it simple to fulfill deletion requests.
Qostodian customers run keyword searches by name, date, credit card number and more to find all copies of sensitive data across business systems. See which categories of sensitive data are stored on business systems. See how specific data elements moved across employees and locations. Delete data directly within the platform to show compliance with data deletion requests in any location – including endpoints.
RISK ASSESSMENT
Regulations require that any business that processes personal data perform periodic privacy risk assessments.
Easily identify and correct exposure points to pass risk assessments.
A foundational step in conducting a risk assessment, Qostodian provides an inventory of regulated data across every data source. It provides access control lists for evaluation as to whether those with access have a legitimate business need for it. Gain insight into all sensitive data critical exposure points. See how much sensitive data is on business systems and who has access to it. Put policies in place, configure risk levels appropriate to the business, and receive notifications the instant policy violations occur.
POLICY ENFORCEMENT
Regulations require proof of enforcement of “policies for protecting the confidentiality, security, and integrity of customer information.”
Prove enforcement of privacy policies.
Qostodian provides auditors with evidence that sensitive data is monitored and cross-referenced to employee interactions, enabling in-the-moment policy enforcement. Qohash looks into files to track data elements. It monitors those elements and cross-references them to employees and locations. Know the instant an employee has a risky interaction with sensitive data. Trace the lineage of any data element that moves onto workstations for faster remediation.
ACCESS CONTROL
Regulations require proof of the process to regulate who has access to consumer personal data.
Regulate access to data.
Quickly create an access control list of all regulated data. Provide evidence of restrictions and show regular evaluations of whether those with access have a legitimate business need for it.
– Chief Information Security Officer & Compliance Manager at a fund management firm.
You can no longer claim ignorance and say ‘we have a policy and we’ve told employees,’ when you know it’s not being followed. You can sleep at the wheel if you want when it comes to compliance, but I chose full visibility, with Qostodian.”
