A number of compliance standards hinge on identifying and protecting Personal Information. This Personal Information can take many forms including Personal Health Information (PHI), Personally Identifiable Information (PII), and Sensitive Personal Information (SPI).
The General Data Protection Regulation (GDPR), coming into effect May of 2018, is the newest compliance standard sweeping the industry. However existing compliance standards such as HIPPA , GLBA and FERPA all require strict controls of personal data. Fines for violating compliance skyrocket with GDPR, so how should Enterprises find and classify existing PII data?
Introducing the PII Scanning and Detection engine for the Enterprise File Fabric…
Those familiar with the Enterprise File Fabric know it includes a Deep Content Search capability. Deep Content Search indexes the data within PDFs, Microsoft Office, LibreOffice, and a number of other document formats. This content indexing works with any of the 60+ storage providers supported by the Enterprise File Fabric, which includes on-cloud and on-premises storage as well as storage related applications such as Basecamp and standards such as HIPAA.
The PII Scanning & Detection engine compares this data to a number of predefined and/or custom rules. PII based data is then automatically tagged and discovery based events are triggered.
Best of all, since the Enterprise File Fabric does not proprietize data it can work with existing data on existing data stores. The Enterprise File Fabric will continue to pick up new data, even if that data is written directly to the backend storage.
Let’s walk through an example to see this feature in action:
(If your more of a video person, please enjoy this demo instead)
1. A user or admin adds a storage provider to the Enterprise File Fabric. In this example, the storage is an Enterprise Office 365 account containing some sensitive data.
2. The Enterprise File Fabric indexes all of the files, storing just the metadata, for quick access, and for the content a searchable index is created.
3. Files and Folders containing PII based data are tagged in the user interface. Anyone viewing these files and folders will be alerted to the presence of sensitive data.
4. A security group of PII reviewers are alerted to the newly indexed data. This occurs via email and messaging in the browser. The location of the data, the user who uploaded the file, and the number of users that have access to the data is contained in these alerts.
5. The PII based files have also been assigned custom classifications based on the type of PII contained within. The PII reviewers are able to search these classifications or run custom searches for new PII based data. Once located, PII files can be moved, deleted or further restricted via User and Group ACLs.
Quick Tag Search
Discovering PII based data is the first step to mitigating potential data breaches and with the enterprise File Fabric it is automatic and transparent and it does not require a third party application integration like many vendors do.
If you are an enterprise, a service provider, an educational establishment or a financial service provider who is subject to GDPR, PCI DSS, HIPAA, GBLA, FERPA or other compliance standards please ask a Storage Made Easy Enterprise Architect for a demonstration of the Enterprise File Fabric.
Latest posts by Douglas Soltesz (see all)
- How to discover PII Data on any local or remote Storage - January 22, 2018
- Updated: Securing the Enterprise File Fabric with Let’s Encrypt Certificates - January 19, 2018