The goal is to help companies understand where data was created, where it is stored, where it is being consumed and to apply controls to the data. This approach is interesting as it relies on the use of big data, some interesting analytics to determine risk and for many companies it will need to be carefully integrated into their existing data security processes.
What does it do?
The press release describes the Smart Reporting and Auditing service as delivering actionable intelligence around data that will:
- Reduce Cost – Organizations will save money by making informed, data-driven choices about their infrastructure locally and globally — reducing bandwidth consumption, minimizing support issues, and increasing productivity.
- Reduce Risk – IT leaders are provided access to unique insights about user, file, and device activity that can be harmful to their organization. The Smart Reporting and Auditing service helps maintain security and compliance with preventative alerts that notify IT about suspicious activities, internally and externally.
- Increase Visibility – IT and business users will be empowered to make smart decisions at every level with relevant, viable information that is delivered right to their Egnyte interface. IT will have more visibility into the security and efficiency of their entire corporate infrastructure and users will also gain insight into their usage patterns as well as internal and external collaborative efforts.
We spoke to Isabelle Guis, chief strategy officer at Egnyte about this announcement. She explained it as: “a tool for understanding the entire content lifecycle. It tracks the data from the moment it is created, records where it was created, the tool that created it and the platform on which it was created. It then tracks all changes to the data throughout its lifecycle such as who and when it was edited as well as where it was moved and by whom.”
Capturing all this data is helpful but the question then is what can you do with it? The first thing you can do, according to Guis is: “Apply different states to the data.” These might be to control where the data can be stored or where it can be moved. One way of doing this is to automatically apply password protection to certain types of data. Guis said: “Even if saved locally you cannot open without the right password.” This would help stop data be passed to third-parties or removed from the enterprise.
Guis continued: “New reporting requirements mean that you have to identify new data from Europe and where it has been moved to the US. We can use this to ensure that data created in Europe is kept in Europe and help customers stay within the law.” This approach is interesting and will appeal to many companies struggling to work out how to control data flow and storage.
Guis posed a rhetorical question that goes to the heart of data protection. “Why would a company not look at where data was created and used? This type of solution means anyone can protect the content by location, quantity and quickly identify breaches.”
(Next: Giving companies a Safe Harbor alternative)