Every week, if not more often, there appears another story in the news exposing a security breach at some company or organization — the loss, theft or inadvertent exposure of sensitive material such as Social Security numbers, credit card numbers and other financial and personal data. In fact, according to the Privacy Rights Clearinghouse, since January 2005 there have been more than 104 million such breaches.
To avoid bad press, comply with a growing number of government and industry regulations aimed at protecting consumer privacy (such as HIPAA, SEC 17a-4, Sarbanes-Oxley and the Leahy-Specter Personal Data Privacy and Security Act of 2007) and, more importantly, to keep their customers happy, companies are now taking greater measures to ensure that sensitive customer data is properly protected.
The Unstructured Data Nightmare
One of the greatest challenges that large and small companies face in the race to protect their customers' privacy is identifying sensitive data that is stored in non-database files and e-mails, what's referred to as unstructured information. That's where Kazeon comes in. Its mission: to help organizations identify and manage that unstructured information, no matter where it's stored.
"Today in most organizations, unstructured data represents 70 to 80 percent of their online data," explains Michael Marchi, vice president of solution marketing at Kazeon. "Yet organizations have little visibility into this information."
To gain that all-important visibility and help organizations proactively identify sensitive and confidential information sitting out, exposed, on corporate networks, Kazeon created the Information Server IS1200-ECS. Billed as the first appliance to integrate content-aware indexing, classification, search, reporting and migration together in one package to address compliance, data privacy and security challenges, the Kazeon Information Server is being deployed by companies like Omnium Worldwide, a leading accounts receivable company, that collect and need to protect sensitive data.
Standards Compliance
For Steven Cartwright, Omnium's director of information security, compliance with industry standards — such as the Payment Card Industry Data Security Standard (PCI DSS), the Statement on Auditing Standards (SAS) No. 70 and HIPAA — is a huge issue. As he explains, "the industries that we play in [mainly financial services, telecommunications and healthcare] each have their own unique regulations that they have to comply with, which they then push on us."
Of particular concern to Cartwright and Omnium was SAS 70 certification, which would entail an auditor specifically looking at Omnium's data security and how it handled client data. "It's a client requirement — a way for our clients to have a third party validate that we're doing things correctly," explains Cartwright. So it was not something that Omnium could avoid — or afford to fail.
However, until recently, Omnium, like many companies its size, didn't have an automated system for discovering whether sensitive customer information was stored properly or not. "We'd stumble across areas of non-compliance rather than having something that would tell us where our areas of non-compliance were," says Cartwright. "We'd hear something through the grapevine: this isn't stored properly or this group is using this share incorrectly. And we would do a lot of manual investigation: Where is it? What is it? Where does it need to go?"
So late last summer, when a vendor stopped by to chat with Cartwright about Omnium's storage and security needs and mentioned Kazeon, Cartwright was all ears. If the Kazeon Information Server truly delivered on what it promised, it could be the solution Omnium needed to help it get those critical SAS 70 and PCI certifications.
It took many weeks, several internal discussions, looming standards reviews, product comparisons and ultimately 30 days of testing a Kazeon Information Server demo unit to convince management, but Omnium eventually gave Kazeon a purchase order.