The customers of Sherpa Software didn’t buy the company’s product because there was a global pandemic coming. Or because one had landed. And even after it did, many of them didn’t realize that their software had extra value in the new world of work they now occupied. But they were glad to find out, said the company’s president, Kevin Ogrodnik.
In a recent briefing for TAG Cyber analysts, Ogrodnik pointed out that the potential security and privacy problems created by remote working aren’t new. But they were less significant in the past because fewer employees worked from home, and they did so only occasionally. As we know, Covid-19 changed all of that.
“Companies are worried about securing remote data because the number of cyberattacks has significantly increased during the pandemic,” Ogrodnik said. “Exposed data creates an opportunity for attackers to steal data. This is why it’s so important to understand what sensitive information is exposed in the remote working locations. Is it confidential data? And are employees following the company’s data protection policies?”
Sherpa can help by supplying its customers with answers. And this is where customers may be learning about capabilities they never knew the software had.
Businesses can start by assessing the state of their data. The Sherpa platform allows companies to locate remote data, analyze it, classify it, and (if required) remediate it. This allows security and privacy teams to have a view into remote data on employee laptops, and other areas where data hides.
Is there customer PII? Is it properly secured? If the company finds unsecure data, it can then be remediated. “This simply means that data that does not belong where it was found, or is not adequately secured,” Ogrodnik said, “can be pushed into a secure location or be deleted.”
“Our clients have been pleasantly surprised that the software could perform security assessments,” Ogrodnik continued. They hadn’t explored the data security issues presented by a remote workforce because there hadn’t been time. It all happened so quickly. One day the office was full, the next day it was empty. Some knew that Sherpa could help them manage the situation, he said. Others didn’t. “But they’re happy about the additional layer of security,” he added.
The changing environment has caused organizations to either create, or reiterate, clearly defined data retention policies for sensitive data such as PII. Additionally, companies have recognized the importance of having software that provides visibility into how those policies are being upheld.
“For companies that are not clients,” Ogrodnik said, “Sherpa offers a free risk assessment of a sample of their workforce—to discover sensitive data and broken data retention policies.”
The Early Days
Founded in 2000 and headquartered in Bridgeville, Pennsylvania, close to Pittsburgh, the company’s first product was on Lotus Notes, the CEO said. Microsoft Exchange was just being born. There were no standard retention policies. “We were doing information governance before the term was coined,” he said.
Ogrodnik was hired in 2001 as the company’s channel director. He was appointed to his current positions in 2006. E-discovery for litigation dominated the early years. It was all about finding information, and in that respect there’s a sense of continuity in what they do.
Privacy legislation has driven the software business in recent years. The EU’s General Data Protection Regulation and the California Consumer Privacy Act have attracted companies that were eager to automate the whole compliance process.
Data mapping is where it starts, Ogrodnik noted. Find it, tag it, classify it as confidential or whatever importance rating clients use. Privacy regulations enable consumers to request that their information be updated or deleted. When consumers request information, it’s mapped and available. The software can easily handle data subject access requests, and can delete information, if requested. Regulations like the GDPR and CCPA are complicated, he said, because they require companies to locate personal data in data stores throughout the organization—on laptops, network file shares and in the cloud. “Our software is uniquely adept at locating data wherever it exists,” Ogrodnik said.
The Data Explosion
The biggest story of the last five years, Ogrodnik said, is the exponential growth of data. And helping companies manage it all. A tremendous amount of the volume has been unstructured data, which has been the focus of many software companies. But recently Sherpa decided to widen the lens.
It was harder for companies to handle unstructured data like email, texts, webpages and photos, so that got all the attention for a while. But about a year ago, Ogrodnik said, Sherpa responded to customer requests to manage structured data as well. Typically, providers specialize in structured or unstructured data and don’t cover both. But Sherpa didn’t hesitate. “Our customers wanted to be able to manage all of their data in one place from a single platform,” Ogrodnik said.
As for the remote data, he had one more piece of advice. If companies are proactive in managing their data when their workforces are dispersed, he said, they’ll also have a better framework for handling the rest of their data, no matter where it resides.