ARTICLES

Taking Inventory for Security and Privacy

As a teenager, I worked at a discount grocery store on the Jersey Shore – and nothing was more tortuous than inventory. The owner would shut down the entire operation and we’d go through every aisle with a clipboard, counting what was left on the shelves. There was a guy named Dominic who worked with me, and he would complain so much that I usually just begged him to go sleep in the back. It was easier to do the work myself – quietly.

Sadly, once I joined the workforce as an adult, I found the same level of non-enthusiasm around the inventory process for IT resources. As my experience grew over the years, I noticed that not only were enterprise inventory processes broadly disliked, but that the accuracy and usefulness of IT inventory systems were generally of low quality. And in my chosen discipline of cyber security, this was not an acceptable situation.

More recently, as an analyst, I finally see some glimmers of hope. The inventory process has become a more active engagement with modern, automated tools providing visibility into real-time status of which assets exist where, and with what characteristics. The clipboard monotony has been replaced with sleek, high-tech, automated discovery platforms – and nothing could be more welcome from a cyber security perspective.

The TAG Cyber team had the privilege to spend time last week (virtually, of course) with experts from Florida-based data privacy firm Spirion. Led by President and CEO Kevin Coppins, the company specializes in discovering and classifying the sensitive data stored across an enterprise. Business rules guide the classification process, thus enabling good decisions about how to protect those information resources.

“We support the enterprise inventory process with an automated platform the performs comprehensive discovery and classification,” explained Frank Dean, a solutions engineer with Spirion. “The platform supports privacy-first enterprise management and protection of sensitive information, and is often an essential component in meeting security compliance and regulatory requirements.”

The company’s platform includes lightweight agents that run on Windows, RedHat Linux, or OSX. The agents discover data on-premise (desktops, workstations, and servers), or in the private or public cloud with support for SharePoint, Dropbox, Bitbucket, Box, G Suite, MongoDB, and Office 365. Support is also included for storage technologies such as Oracle Database and MySQL.

“Users reach our console server through an interface that is accessible via the browser, explained Dean, “and data can also be transferred to the console from MSSQL servers. Our deployed agents communicate directly with the console to provide accurate, real-time status of discovered data assets. The result is an inventory process that support both the security and privacy objectives of an enterprise.”

The methodology implicit in the Spirion process involves five enterprise tasks: Discovery of known and unknown assets, classification of enterprise data assets, understanding of all discovered data inventory, control of sensitive data, and compliance with required protection controls. These five on-going tasks provide context for how enterprise users engage with the Spirion platform to create real-time visibility into data and assets.

From an industry analyst perspective, it is especially satisfying to see such an essential IT management and security task as sensitive data inventory experiencing strong commercial success. At TAG Cyber, we are seeing many enterprise teams starting now to get serious about automating the inventory task, and Spirion offers an excellent means for achieving this goal with a minimum of friction for data owners and administrators.

Admittedly, enterprise data discovery and inventory will not get the sexy treatment one finds with AI-based security analytics and other modern algorithmic advances. But this does not diminish the important role that discovery and classification play in establishing security, privacy, and compliance. And it would be hard to find an enterprise that would not benefit to some degree from automated assistance in these areas.

We recommend that you take the time to give the team at Spirion a call. Ask to see a demonstration of their fine console, and ask to hear about the many different industry sector that they currently support. As always, please share back with us your own insights and learnings after you meet. We look forward to hearing from you.

Please stay safe and healthy.