Today at the 2019 RSA Security Conference, on the one year anniversary of receiving the 2018 RSA innovation sandbox award, BigID is unveiling a new big idea: Data Access Intelligence. We created BigID’s platform to provide a first-of-its-kind identity-centric view of personal information for GDPR and CCPA. BigID is the industry’s first solution to find any information across any data, automatically classify it by type–and critically for privacy–by person. BigID’s new Access Intelligence capabilities enhance our Data Intelligence Platform by allowing security and risk management professionals to identify systems and employees with over-permissioned access to personal information.
We are delivering this added layer of insight in direct response to customer requests to better leverage PI in risk mitigation activities for regulations with significant open-access requirements–such as SOX, GLBA, NYDFS, PCI-DSS–in addition to the new generation of privacy regulations–such as CCPA and EU GDPR.
Why Data Access Intelligence?
By providing insight into employee and application access of personal information, BigID is providing another way for customers to derive value from understanding whose personal information they have, where it resides, and how it’s being used. In doing so, we are allowing security teams to act quickly and efficiently, prioritizing their work based on comprehensive, data-driven insight. Privacy and security teams can answer a critical set of questions that apply equally to both emerging privacy and traditional security and regulatory compliance mandates:
• What type of data now needs to be protected? PI based on association with an individual for EU GDPR and the California Consumer Privacy Act (CCPA) compliance – not just PII
• Where is that data is stored? Not just traditional file shares in the corporate datacenter, but AWS S3, Google Drive and Microsoft Azure as well as structured data sources
• Who and what has access to the data? What employees and systems are accessing PI?
• How does privacy risk and continuous compliance get operationalized? Not just a quarterly controls and entitlements review, but ongoing remediation action based on current insight into actual data.
• How do organizations identify and mitigate privacy and security risk on an ongoing basis? Moving from on-prem client-server installation to hybrid deployments using a microservices architecture to discover inventory and protect data at petabyte scale.
BigID starts with answering the toughest question: what data needs protection for GDPR and CCPA compliance – and where – by building an inventory of all personal information across the enterprise infrastructure. Access Intelligence extends our ability to understand data with the dimension of who and what has access to the data – enabling privacy teams to identify where PI is most at risk based on open access permissions and communicate to security teams where to focus.
Personal data is one of the most important assets an organizations collects and processes. Now BigID provides more insight into both the what and who to give an organization a more complete picture of their data.