water spilling from a sprinkler

Flashback to, say, 2005 when IT managers stressed about content, data compliance and governance within the walls of the enterprise.

While a call from the powers that be — whether they were the Feds, attorneys or auditors — made the C-Suite and IT Managers a little nervous, at least they knew where their data was. Namely in the datacenter, behind the firewall and under IT’s control.

Flash forward to 2015 and data can be anywhere, from on-premises at the company, in the cloud, in transit and on any number of mobile  endpoints ranging from laptops to phones or tablets and whatever comes next.

Does Mobile + Cloud Spell Trouble?

“Opportunities for trouble are plentiful with so much data outside of the firewall,” Dave Packer, vice president of product marketing at Druva explained. Druva specializes in data protection.

“In some cases there’s more company data outside the CMS than in it.”

That doesn’t bode well for companies, especially for those that have to comply with regulations like HIPAA, PCI DSS, FACTA/FCRA, GLBA, COPPA and so on.

But reeling the data back in and keeping (or trying to keep) it behind the firewall isn’t really an option, said Packer, “We’re living in a mobile-first world.”

It’s Too Late, Baby

 And looking for breaches after you think they’ve occurred isn’t much of a strategy either. The damage can be nearly irreparable when sensitive employee and customer data is violated. Non-compliance and risk exposure have resulted in millions of dollars in fines, and even more in reputation damage.

Packer says that Druva can help its customers avoid such problems with its new “Druva Proactive Compliance” offering.  It was built to bring deep search, auditing and automated data scanning capabilities to enterprises and to help them quickly and proactively identify and act upon data risks across cloud services and endpoint devices.

Not on My Watch

As part of Druva’s inSync Elite+ offering, Druva Proactive Compliance provides enhanced governance-related capabilities that helps organizations to be more proactive in their ability to understand, identify and take action on data risks across the dispersed data environment.

It helps them track, monitor and be alerted of potential data risks associated with Personal Healthcare Information (PHI), Personal Credit Information (PCI), Personally Identifiable Information (PII) and Intellectual Property (IP) across both cloud services and end-user devices via:

  1. Centralized compliance dashboards:  Compliance, security and legal teams have an easily navigable federated view by data source, compliance risk type, risk level, user as well as other pertinent information to make quick assessments and investigate infractions.
  2. Non-compliance reporting:  Compliance and Information Security teams can subscribe to regulation or policy-specific reports, which are automatically generated and emailed to subscribers when potential data risks are discovered.
  3. Pre-defined, customizable compliance templates: Organizations can select from pre-defined compliance templates (ex. HIPAA, GLBA, PCI) or customize their own.  inSync will automatically scan, identify and alert the organization of risks as necessary.
  4. Investigative searching: Companies that conduct internal investigations on behalf of a legal request or need to identify sensitive data (HR data, IP, financial records) can utilize inSync’s new deep-search capabilities to pinpoint materials across their end-user data.

Druva’s Legal authenticity and admissibility enables companies to ensure the integrity of their data for both compliance and legal needs by capturing extended meta-data and creating a unique fingerprint for every file in the system.

In doing so, inSync is able to provide an auditable trail of a file’s history and a litmus test for its unmodified integrity.

Balancing Opportunity with Safety

The mobile-first, cloud-first era comes not only with great opportunities, but also with great challenges. Druva, through its Proactive Compliance offering, aims to cut problems off at the pass and to keep company and customer data to prevent problems from becoming expensive and disastrous.

Creative Commons Creative Commons Attribution 2.0 Generic License Title image by mccun934.