2018 was a watershed year for privacy. The passage of the EU GDPR ushered in a new era in which data privacy became a first-order data security and governance problem warranting corporate attention and investment. This is not to say that the profession of privacy began last year. Quite the opposite. Regulations covering privacy protection have existed for many years. But in its broadened coverage scope, prescriptive specificity and size of censure, GDPR has helped shift the problem of privacy protection from a discipline, oriented toward process and policy, to one of product.
BigID was among a handful of security companies that foresaw the likely change GDPR would introduce back in 2016. It did not take Ph.D. in connecting dots to know that protection of personal information remained a huge issue in 2016. The constant drip of daily breaches plainly indicated that whatever protections for personal information did exist, were insufficient. The problem of loss, misuse, abuse and theft of personal information in 2016 was getting worse, not better. And the usual defenses built around network, server and endpoint protection was clearly not enough.
The Big Idea of BigID
As it turns out, BigID’s Big Idea for improving protection for personal information happened to dovetail almost perfectly with GDPR’s formulation for protecting the privacy of consumer and employee data. Restating the simple aphorism that you can’t protect what you can’t find, data knowledge is a requirement for better data security. Without data knowledge, it’s impossible for a company to account for an individual’s data or assure individuals that their data was being collected, stored and processed with their privacy preservation in mind. Prior to BigID, the tools to find and track personal data remained very primitive: their coverage was limited to a few 2006 era data sources; they were geared for PII discovery vs PI for all personal information; they couldn’t determine what data belonged to what person, making personal data rights impossible; and they couldn’t confirm that data was being stored or processed in ways that conformed with a stated purpose-of-use, consent agreement or compliance with a regulation. As a consequence, before 2016 the problem of data privacy was detached from data protection since no adequate tools existed for bridging IT and the privacy office. Instead of data records, privacy professionals relied on data recollections via surveys and spreadsheets, not scans.
BigID’s thesis in starting out was that protection and privacy of personal information required data knowledge. BigID bridged the worlds of machine learning, data science, and identity intelligence to introduce a first-of-its-kind product to help organizations gather privacy insight on the data assets they collect and process on their customers and employees.
Going Big in 2018
Fast forward to 2018 and BigID started building on the foundation it put in place in 2016. After raising two rounds of funding in quick succession, BigID started expanding first in the US and later toward year-end across Europe, Asia, and Latin America. Along the way, BigID grew sales 7x and collected numerous industry recognition like most innovative company at the 2018 RSA Conference, Gartner Cool Vendor, and InformationWeek Vendor to Watch in Data among many other accolades.
Big Things in 2019
Setting our sights to 2019, BigID now has a global footprint, broad and deep partnerships and industry-recognized technology poised to change how corporations protect the privacy of their data. With additional regulations set to be introduced in the US, Asia, and Latin America in the coming years, privacy has become a first-order problem in security. Ensuring the integrity of personal information has never been more essential or widespread. BigID hopes to continue helping shift the paradigm and deliver its customers a fresh approach to safekeeping their most important asset – their customer and employee data.