SlideShare a Scribd company logo

Supporting GDPR Compliance through Data Classification

Download as PPTX, PDF
Index Engines Inc., profile picture
Index Engines Inc.

This document discusses how Index Engines technology can help organizations comply with the General Data Protection Regulation (GDPR). It provides an overview of the GDPR requirements and highlights Index Engines' capabilities such as data classification, reporting, disposition, and automated monitoring that allow organizations to know, manage, and govern their enterprise data in accordance with the GDPR. Index Engines provides a single platform to classify petabytes of data, enable flexible search and disposition of personal data, and demonstrate ongoing compliance through automated policy monitoring and auditing.

Technology
1 of 19
Downloaded 74 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Enterprise Data Classification and Disposition Technology Introduction Supporting GDPR Compliance through Data Classification
Index Engines Introduction ▪ Enterprise Class Information Management Platform ▪ Purpose-built, high-speed indexing for global data centers ▪ Scalable platform that supports petabytes of unstructured data and email ▪ Only solution to support both network and backup data sources ▪ Find, manage and govern data based on policies ▪ Corporate Profile ▪ Private company headquartered in Holmdel, NJ ▪ Founded in 2004 ▪ Partnered with Dell EMC, Amazon/AWS, EY, FTI ▪ Patented technology ▪ Clients include: JPMC, Citi, Barclays, TIAA-CREF, State of CA, DOJ, Catholic Health, Cincinnati Children’s, Qualcom, Merck Copyright Index Engines Inc. 2017 All rights reserved. 2
The GDPR Overview ▪ Changes how organizations manage personal data ▪ Puts ownership of data back in the hands of citizens ▪ Rights to access, rectify, erase, restrict, migrate, etc. ▪ Significant penalties (up to 4% of turnover) and restrictions based on non-compliance ▪ Requires detailed knowledge and management of content containing personal information ▪ Home address, email address, license plate, credit cards, etc. Copyright Index Engines Inc. 2017 All rights reserved. 3
The Articles of the GDPR 9 key articles focus on areas where the right technology platform can make easy work of the regulation: ▪ Article 15: Right of access by the data subject ▪ Article 16: Right to rectification/correction of data ▪ Article 17: Right to erasure (right to be forgotten) ▪ Article 18: Right to restriction of processing ▪ Article 20: Right to data portability ▪ Article 21: Right to object ▪ Article 22: Automated individual decision-making, including profiling ▪ Article 25: Data protection by design and default ▪ Article 35: Data protection impact assessments Copyright Index Engines Inc. 2017 All rights reserved. 4
Index Engines Support for the GDPR Know IT Manage IT Govern IT ▪ Data Classification & Profiling ▪ Enterprise class indexing software ▪ Metadata, full text, pattern/regex/PII, security ACLs, activity logs ▪ Reporting & classification on user files and email ▪ Defensible Disposition ▪ Delete, copy or migrate ▪ Integrated archiving & preservation ▪ Defensible audit trails and logs ▪ Automation and Monitoring ▪ Ongoing monitoring ▪ Automated management based on policy ▪ Instant access to personal data Copyright Index Engines Inc. 2017 All rights reserved. 5
Classify Data for Simplified Access and Management Classify data by Active Directory group membership Example: Client Services, HR Use metadata to filter on data that typically contains personal information Example: Documents, email, etc. Tag this content for easy access and future queries Example: PII/RegEx or persons name ▪ Create an automated data map based on a range of criteria ▪ Classify content to focus on areas that are highly suspect for personal information ▪ Allows for more targeted and simplified search and audits Copyright Index Engines Inc. 2017 All rights reserved. 6
Classification for ROT Analysis and Clean Up ▪ Clean Redundant, Obsolete & Trivial content to simplify data management & prepare for the GDPR ▪ ROT can comprise up to 40% of network data Copyright Index Engines Inc. 2017 All rights reserved. 7 • Duplicate content • Aged data, not accessed in more than X years • Abandoned data, owned by ex-employees and not accessed • Non-Business Multimedia files: photos, videos, audio (iTunes) • Trivial files: log files, iTunes music, personal vacation photos, etc. Classify Data • Migrate non-active data that should be preserved to cloud • Delete content with no business value maintaining full audit trail • Archive non-active data with personal information for further investigation Defensible Disposition
Legal Mktg Fin HR Oper Mfg Percentage 17% 18% 12% 28% 8% 17% Capacity (TB) 850 900 600 1,400 400 850 # Files (B) 42.5 45 30 70 20 42.5 8 2 7 12 22 5 92 98 93 88 78 95 0 50 100 150 LEGAL MKTG FIN HR OPER MFG Active Data Last Accessed in Last Year 1 Year > 1 Year 17% 18% 12% 28% 8% 17% Capacity by Department Total Capacity 5,000TB Legal Marketing Finance HR Operations Manufacturing 0 20 40 60 80 100 Legal Mktg Fin HR Oper Mfg Abandoned Data Ex-Employee based on Active Directory (TBs) Accessed in Past Year Not Accessed in > 1 Year ROT Analysis Classification of Redundant, Obsolete & Trivial Content Legal , 248 Mktg, 270 Fin, 240 HR, 560 Oper, 123 Mfg, 170 Redundant Content (TBs) 0 1000 2000 3000 < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Obsolete Content by Last Accessed (TBs) 0 20 40 60 80 100 Logs Video Photos Music Other Trivial Files (TBs) 1,256 35 989 768 49 88 Email Audit # of PSTs on Shared Network by Department Legal Mktg Fin HR Oper Mfg Note: Charts generated using 3rd party software based on Index Engines data Copyright Index Engines Inc. 2017 All rights reserved. 8
Index Engines Reporting and Classification Features ▪ Supports petabyte-class data center environments, 1% index footprint for metadata ▪ Federated search, reporting and archiving for large scale, distributed data ▪ High speed indexing, reaching up to 1TB/hour/node ▪ Active Directory integration to group data by departments ▪ Tagging to classify data based on any criteria ▪ Flexible queries and reporting on: ▪ Metadata ▪ Full text and keyword ▪ Boolean search including proximity ▪ Pattern/PII including credit cards, bank routing, social security, etc. ▪ Regular expression, POSIX basic and extended ▪ Conceptual search (coming soon) ▪ Security ACLs, read/write/browse permissions ▪ Activity logs reporting on user access to specific files Copyright Index Engines Inc. 2017 All rights reserved. 9
Search and Reporting Interface Copyright Index Engines Inc. 2017 All rights reserved. 10
The GDPR Requirements for Personal Data ▪ The GDPR defines personal data as: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” ▪ Requires flexible and comprehensive search and reporting ▪ Personal Data: any information relating to an identified person, such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. ▪ Sensitive Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation ▪ Examples of Index Engines queries: ▪ Keyword: Name, address, TaxID, etc. ▪ Pattern: Bank routing, social security, credit card numbers, etc. ▪ RegEx: Phone numbers, postal code, license plate, UK bank sort code, email address, etc. ▪ Concept: train the query engine to identify personal data ▪ Queries can be combined with Boolean parameters (i.e. NEAR) Copyright Index Engines Inc. 2017 All rights reserved. 11
Departmental Drill Down LegalOperHRFinMktgMfg < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Documents Containing PII 17 Documents Containing PII 22 Documents Containing PII 857 Documents Containing PII 1,232 Documents Containing PII 5 Documents Containing PII 217 Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Copyright Index Engines Inc. 2017 All rights reserved. 12
Security Assessments ▪ The GDPR mandates strict notifications and potential fines for data breaches ▪ Security assessments will find sensitive data and manage it proactively ▪ Examples of Index Engines capabilities: ▪ Find documents containing personal information ▪ Use Activity Logs to determine who has accessed these files to find potential rogue employees ▪ Use Access Control Lists (ACLs) to determine who has read/write/browse permission for sensitive files ▪ Proactively clean up sensitive data so it does not breach the fire wall ▪ Proactively determine unusual access to sensitive content Copyright Index Engines Inc. 2017 All rights reserved. 13
Defensible Disposition ▪ The GDPR delivers citizens the right to access, rectify, erase, restrict or migrate their personal information ▪ Timeframes are defined to accomplish this requirement, otherwise potential fines ▪ Examples of Index Engines integrated disposition capabilities: ▪ Find it for editing ▪ Find and export ▪ Migration/archiving to cloud storage ▪ Deletion ▪ Archive and restrict Copyright Index Engines Inc. 2017 All rights reserved. 14
The GDPR Workflow with Index Engines 1.First pass metadata classification. 1.Include metadata classification into data mapping interviews. 1.Defensible deletion – purge everything you can. 1.Second pass classification, identify personal data zones. 1.Deep analysis using conceptual search to identify PII. 1.Tag personal data for easy access. Copyright Index Engines Inc. 2017 All rights reserved. 15
Ongoing Monitoring and Automation ▪ The GDPR requires “monitoring compliance with the GDPR and other Union or Member State data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits.” ▪ Organizations will need to show compliance with the GDPR through the use of technology and sound policies ▪ Examples of Index Engines capabilities: ▪ Store queries and polices ▪ Automated policy search and identification (email notifications) ▪ Automated reporting with csv/text file for use in 3rd party reporting tools ▪ Automated indexing and preservation/archiving ▪ Activity logs/audit trails Copyright Index Engines Inc. 2017 All rights reserved. 16
Legacy Backup Data and GDPR ▪ The GDPR defines processing of data as: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;” ▪ Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes ▪ Backup is an automated operation that processes personal data. ▪ Backup is not an archive! How can you find and purge data on old backup tapes? ▪ Index Engines delvers a solution to migrate data of value from tape to disk/cloud ▪ Go tapeless and eliminate the risk and liability of inaccessible backup data ▪ Examples of Index Engines capabilities: ▪ The only solution that provides direct access to backup data ▪ No need for the original backup software ▪ Profile and classify backup data ▪ Migrate data of value to disk cloud with full search capability ▪ Go tapeless
Index Engines Key Advantages for the GDPR Enterprise data insightKnow IT • The only enterprise class indexing platform on the market today • Supports all classes of data from primary storage to backup content Streamlined dispositionManage IT • Classify and report on content across the data center • Flexible access and disposition options to manage effectively Take control of dataGovern IT • Integrated archiving and preservation • Support for legal and security policies Copyright Index Engines Inc. 2017 All rights reserved. 18
Next Steps… Copyright Index Engines Inc. 2017 All rights reserved. 19 ▪ Get your complimentary GDPR Guide here. ▪ Contact us about our GDPR assessment service ▪ Index Engines www.indexengines.com jim.mcgann@indexengines.com

More Related Content

PPTX
Webinar: Practical Technology Playbook for the GDPR
Index Engines Inc.
 
PPTX
Tackling the GDPR Dell EMC Index Engines Webinar
Index Engines Inc.
 
PDF
Building the Governance Ready Enterprise for GDPR Compliance
Index Engines Inc.
 
PPTX
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Index Engines Inc.
 
PDF
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Index Engines Inc.
 
PDF
Beyond GDPR Compliance - Role of Internal Audit
Omo Osagiede
 
PDF
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
PPTX
GDPR & Your Cloud Provider - What You Need to Know
Rachel Roach
 
Webinar: Practical Technology Playbook for the GDPR
Index Engines Inc.
 
Tackling the GDPR Dell EMC Index Engines Webinar
Index Engines Inc.
 
Building the Governance Ready Enterprise for GDPR Compliance
Index Engines Inc.
 
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Index Engines Inc.
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Index Engines Inc.
 
Beyond GDPR Compliance - Role of Internal Audit
Omo Osagiede
 
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
GDPR & Your Cloud Provider - What You Need to Know
Rachel Roach
 

What's hot (20)

PDF
Practical steps to GDPR compliance
Jean-Michel Franco
 
PDF
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
Omo Osagiede
 
PPTX
Vuzion Love Cloud GDPR Event
Vuzion
 
PPTX
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
IDERA Software
 
PPTX
GDPR: Your Journey to Compliance
Cobweb
 
PPTX
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
PDF
GDPR and Hadoop
Janosch Woschitz
 
PDF
A practical guide to GDPR preparation
Promapp Solutions
 
PDF
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Ragnar Heil
 
PPTX
The EU General Protection Regulation and how Oracle can help
Niklas Hjorthen
 
PDF
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Jean-Michel Franco
 
PPTX
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
PDF
Everything you Need to Know about The Data Protection Officer Role
HackerOne
 
PPT
Building a register of data processing
Tim Gough
 
PPTX
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
PPTX
Gdpr action plan - ISSA
Ulf Mattsson
 
PDF
7 Key GDPR Requirements & the Role of Data Governance
DATUM LLC
 
PPTX
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
PDF
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
PPTX
GDPR How to get started?
Peter Witsenburg
 
Practical steps to GDPR compliance
Jean-Michel Franco
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
Omo Osagiede
 
Vuzion Love Cloud GDPR Event
Vuzion
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
IDERA Software
 
GDPR: Your Journey to Compliance
Cobweb
 
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
GDPR and Hadoop
Janosch Woschitz
 
A practical guide to GDPR preparation
Promapp Solutions
 
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Ragnar Heil
 
The EU General Protection Regulation and how Oracle can help
Niklas Hjorthen
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Jean-Michel Franco
 
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
Everything you Need to Know about The Data Protection Officer Role
HackerOne
 
Building a register of data processing
Tim Gough
 
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Gdpr action plan - ISSA
Ulf Mattsson
 
7 Key GDPR Requirements & the Role of Data Governance
DATUM LLC
 
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
GDPR How to get started?
Peter Witsenburg
 
Ad

Similar to Supporting GDPR Compliance through Data Classification (20)

PPTX
[Webinar Slides] 3 Steps to Organizing, Finding, and Governing Your Information
AIIM International
 
PDF
Data Stewardship and Governance: how to reach global adoption and systematic ...
Pieter De Leenheer
 
PDF
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
PDF
Fintech summit 2016 thomson reuters tim baker_presentation final
Glen Frost
 
PDF
Data compliance - get it right the first time (Full color PDF)
Peter GEELEN ✔
 
PDF
Data compliance - get it right the first time (Black/White printable PDF)
Peter GEELEN ✔
 
PDF
How to implement gdpr in your document repository
XeniT Solutions nv
 
PPTX
Emerging Standards: Data and Data Exchange in Scholarly Publishing - Jay Henr...
Ringgold Inc
 
PPTX
Emerging Standards: Data and Data Exchange in Scholarly Publishing
Ringgold Inc
 
PDF
Graphs & the Police: How Law Enforcement Analyze Connected Data at Scale
Neo4j
 
PPTX
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
emermell
 
PPT
Brian Dirking Software Selection For Records Management
bdirking
 
PPT
Enterprise Discovery: Taking Control, Driving Change
Iron Mountain
 
PPTX
Security Framework for Multitenant Architecture
DataWorks Summit
 
PDF
InsideView Clean Data
InsideView
 
PPT
Big Data Analytics (Collection of huge Data)
htihor40
 
PDF
Using neo4j for enterprise metadata requirements
Neo4j
 
PPSX
Introduction to Big Data Analytics.ppsx
JSujatha2
 
PPTX
Advancements in Legal Entity Data Quality
Kingland
 
PDF
The Sherpa Approach: Meeting the Demands of the Digital Age
Sherpa Software
 
[Webinar Slides] 3 Steps to Organizing, Finding, and Governing Your Information
AIIM International
 
Data Stewardship and Governance: how to reach global adoption and systematic ...
Pieter De Leenheer
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Fintech summit 2016 thomson reuters tim baker_presentation final
Glen Frost
 
Data compliance - get it right the first time (Full color PDF)
Peter GEELEN ✔
 
Data compliance - get it right the first time (Black/White printable PDF)
Peter GEELEN ✔
 
How to implement gdpr in your document repository
XeniT Solutions nv
 
Emerging Standards: Data and Data Exchange in Scholarly Publishing - Jay Henr...
Ringgold Inc
 
Emerging Standards: Data and Data Exchange in Scholarly Publishing
Ringgold Inc
 
Graphs & the Police: How Law Enforcement Analyze Connected Data at Scale
Neo4j
 
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
emermell
 
Brian Dirking Software Selection For Records Management
bdirking
 
Enterprise Discovery: Taking Control, Driving Change
Iron Mountain
 
Security Framework for Multitenant Architecture
DataWorks Summit
 
InsideView Clean Data
InsideView
 
Big Data Analytics (Collection of huge Data)
htihor40
 
Using neo4j for enterprise metadata requirements
Neo4j
 
Introduction to Big Data Analytics.ppsx
JSujatha2
 
Advancements in Legal Entity Data Quality
Kingland
 
The Sherpa Approach: Meeting the Demands of the Digital Age
Sherpa Software
 
Ad

Recently uploaded (20)

PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
KodekX | Application Modernization Development
KodekX
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Cloud computing and distributed systems.
kkkkkhan
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 

Supporting GDPR Compliance through Data Classification

  • 1. Enterprise Data Classification and Disposition Technology Introduction Supporting GDPR Compliance through Data Classification
  • 2. Index Engines Introduction ▪ Enterprise Class Information Management Platform ▪ Purpose-built, high-speed indexing for global data centers ▪ Scalable platform that supports petabytes of unstructured data and email ▪ Only solution to support both network and backup data sources ▪ Find, manage and govern data based on policies ▪ Corporate Profile ▪ Private company headquartered in Holmdel, NJ ▪ Founded in 2004 ▪ Partnered with Dell EMC, Amazon/AWS, EY, FTI ▪ Patented technology ▪ Clients include: JPMC, Citi, Barclays, TIAA-CREF, State of CA, DOJ, Catholic Health, Cincinnati Children’s, Qualcom, Merck Copyright Index Engines Inc. 2017 All rights reserved. 2
  • 3. The GDPR Overview ▪ Changes how organizations manage personal data ▪ Puts ownership of data back in the hands of citizens ▪ Rights to access, rectify, erase, restrict, migrate, etc. ▪ Significant penalties (up to 4% of turnover) and restrictions based on non-compliance ▪ Requires detailed knowledge and management of content containing personal information ▪ Home address, email address, license plate, credit cards, etc. Copyright Index Engines Inc. 2017 All rights reserved. 3
  • 4. The Articles of the GDPR 9 key articles focus on areas where the right technology platform can make easy work of the regulation: ▪ Article 15: Right of access by the data subject ▪ Article 16: Right to rectification/correction of data ▪ Article 17: Right to erasure (right to be forgotten) ▪ Article 18: Right to restriction of processing ▪ Article 20: Right to data portability ▪ Article 21: Right to object ▪ Article 22: Automated individual decision-making, including profiling ▪ Article 25: Data protection by design and default ▪ Article 35: Data protection impact assessments Copyright Index Engines Inc. 2017 All rights reserved. 4
  • 5. Index Engines Support for the GDPR Know IT Manage IT Govern IT ▪ Data Classification & Profiling ▪ Enterprise class indexing software ▪ Metadata, full text, pattern/regex/PII, security ACLs, activity logs ▪ Reporting & classification on user files and email ▪ Defensible Disposition ▪ Delete, copy or migrate ▪ Integrated archiving & preservation ▪ Defensible audit trails and logs ▪ Automation and Monitoring ▪ Ongoing monitoring ▪ Automated management based on policy ▪ Instant access to personal data Copyright Index Engines Inc. 2017 All rights reserved. 5
  • 6. Classify Data for Simplified Access and Management Classify data by Active Directory group membership Example: Client Services, HR Use metadata to filter on data that typically contains personal information Example: Documents, email, etc. Tag this content for easy access and future queries Example: PII/RegEx or persons name ▪ Create an automated data map based on a range of criteria ▪ Classify content to focus on areas that are highly suspect for personal information ▪ Allows for more targeted and simplified search and audits Copyright Index Engines Inc. 2017 All rights reserved. 6
  • 7. Classification for ROT Analysis and Clean Up ▪ Clean Redundant, Obsolete & Trivial content to simplify data management & prepare for the GDPR ▪ ROT can comprise up to 40% of network data Copyright Index Engines Inc. 2017 All rights reserved. 7 • Duplicate content • Aged data, not accessed in more than X years • Abandoned data, owned by ex-employees and not accessed • Non-Business Multimedia files: photos, videos, audio (iTunes) • Trivial files: log files, iTunes music, personal vacation photos, etc. Classify Data • Migrate non-active data that should be preserved to cloud • Delete content with no business value maintaining full audit trail • Archive non-active data with personal information for further investigation Defensible Disposition
  • 8. Legal Mktg Fin HR Oper Mfg Percentage 17% 18% 12% 28% 8% 17% Capacity (TB) 850 900 600 1,400 400 850 # Files (B) 42.5 45 30 70 20 42.5 8 2 7 12 22 5 92 98 93 88 78 95 0 50 100 150 LEGAL MKTG FIN HR OPER MFG Active Data Last Accessed in Last Year 1 Year > 1 Year 17% 18% 12% 28% 8% 17% Capacity by Department Total Capacity 5,000TB Legal Marketing Finance HR Operations Manufacturing 0 20 40 60 80 100 Legal Mktg Fin HR Oper Mfg Abandoned Data Ex-Employee based on Active Directory (TBs) Accessed in Past Year Not Accessed in > 1 Year ROT Analysis Classification of Redundant, Obsolete & Trivial Content Legal , 248 Mktg, 270 Fin, 240 HR, 560 Oper, 123 Mfg, 170 Redundant Content (TBs) 0 1000 2000 3000 < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Obsolete Content by Last Accessed (TBs) 0 20 40 60 80 100 Logs Video Photos Music Other Trivial Files (TBs) 1,256 35 989 768 49 88 Email Audit # of PSTs on Shared Network by Department Legal Mktg Fin HR Oper Mfg Note: Charts generated using 3rd party software based on Index Engines data Copyright Index Engines Inc. 2017 All rights reserved. 8
  • 9. Index Engines Reporting and Classification Features ▪ Supports petabyte-class data center environments, 1% index footprint for metadata ▪ Federated search, reporting and archiving for large scale, distributed data ▪ High speed indexing, reaching up to 1TB/hour/node ▪ Active Directory integration to group data by departments ▪ Tagging to classify data based on any criteria ▪ Flexible queries and reporting on: ▪ Metadata ▪ Full text and keyword ▪ Boolean search including proximity ▪ Pattern/PII including credit cards, bank routing, social security, etc. ▪ Regular expression, POSIX basic and extended ▪ Conceptual search (coming soon) ▪ Security ACLs, read/write/browse permissions ▪ Activity logs reporting on user access to specific files Copyright Index Engines Inc. 2017 All rights reserved. 9
  • 10. Search and Reporting Interface Copyright Index Engines Inc. 2017 All rights reserved. 10
  • 11. The GDPR Requirements for Personal Data ▪ The GDPR defines personal data as: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” ▪ Requires flexible and comprehensive search and reporting ▪ Personal Data: any information relating to an identified person, such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. ▪ Sensitive Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation ▪ Examples of Index Engines queries: ▪ Keyword: Name, address, TaxID, etc. ▪ Pattern: Bank routing, social security, credit card numbers, etc. ▪ RegEx: Phone numbers, postal code, license plate, UK bank sort code, email address, etc. ▪ Concept: train the query engine to identify personal data ▪ Queries can be combined with Boolean parameters (i.e. NEAR) Copyright Index Engines Inc. 2017 All rights reserved. 11
  • 12. Departmental Drill Down LegalOperHRFinMktgMfg < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) < 1 Year 2 - 3 Years 3 - 4 Years 4+ Years Last Accessed (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Other Server Z Server Y Server X Location of Data (TBs) Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Data Types (TBs) Document Spreadsheet Presentation Other Documents Containing PII 17 Documents Containing PII 22 Documents Containing PII 857 Documents Containing PII 1,232 Documents Containing PII 5 Documents Containing PII 217 Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Other Server Z Server Y Server X Location of PII (Files) Copyright Index Engines Inc. 2017 All rights reserved. 12
  • 13. Security Assessments ▪ The GDPR mandates strict notifications and potential fines for data breaches ▪ Security assessments will find sensitive data and manage it proactively ▪ Examples of Index Engines capabilities: ▪ Find documents containing personal information ▪ Use Activity Logs to determine who has accessed these files to find potential rogue employees ▪ Use Access Control Lists (ACLs) to determine who has read/write/browse permission for sensitive files ▪ Proactively clean up sensitive data so it does not breach the fire wall ▪ Proactively determine unusual access to sensitive content Copyright Index Engines Inc. 2017 All rights reserved. 13
  • 14. Defensible Disposition ▪ The GDPR delivers citizens the right to access, rectify, erase, restrict or migrate their personal information ▪ Timeframes are defined to accomplish this requirement, otherwise potential fines ▪ Examples of Index Engines integrated disposition capabilities: ▪ Find it for editing ▪ Find and export ▪ Migration/archiving to cloud storage ▪ Deletion ▪ Archive and restrict Copyright Index Engines Inc. 2017 All rights reserved. 14
  • 15. The GDPR Workflow with Index Engines 1.First pass metadata classification. 1.Include metadata classification into data mapping interviews. 1.Defensible deletion – purge everything you can. 1.Second pass classification, identify personal data zones. 1.Deep analysis using conceptual search to identify PII. 1.Tag personal data for easy access. Copyright Index Engines Inc. 2017 All rights reserved. 15
  • 16. Ongoing Monitoring and Automation ▪ The GDPR requires “monitoring compliance with the GDPR and other Union or Member State data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits.” ▪ Organizations will need to show compliance with the GDPR through the use of technology and sound policies ▪ Examples of Index Engines capabilities: ▪ Store queries and polices ▪ Automated policy search and identification (email notifications) ▪ Automated reporting with csv/text file for use in 3rd party reporting tools ▪ Automated indexing and preservation/archiving ▪ Activity logs/audit trails Copyright Index Engines Inc. 2017 All rights reserved. 16
  • 17. Legacy Backup Data and GDPR ▪ The GDPR defines processing of data as: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;” ▪ Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes ▪ Backup is an automated operation that processes personal data. ▪ Backup is not an archive! How can you find and purge data on old backup tapes? ▪ Index Engines delvers a solution to migrate data of value from tape to disk/cloud ▪ Go tapeless and eliminate the risk and liability of inaccessible backup data ▪ Examples of Index Engines capabilities: ▪ The only solution that provides direct access to backup data ▪ No need for the original backup software ▪ Profile and classify backup data ▪ Migrate data of value to disk cloud with full search capability ▪ Go tapeless
  • 18. Index Engines Key Advantages for the GDPR Enterprise data insightKnow IT • The only enterprise class indexing platform on the market today • Supports all classes of data from primary storage to backup content Streamlined dispositionManage IT • Classify and report on content across the data center • Flexible access and disposition options to manage effectively Take control of dataGovern IT • Integrated archiving and preservation • Support for legal and security policies Copyright Index Engines Inc. 2017 All rights reserved. 18
  • 19. Next Steps… Copyright Index Engines Inc. 2017 All rights reserved. 19 ▪ Get your complimentary GDPR Guide here. ▪ Contact us about our GDPR assessment service ▪ Index Engines www.indexengines.com jim.mcgann@indexengines.com