Solving enterprise privacy & compliance problems with AI

Part 1: Identifying the problems to be solved

Data Secrets
Sep 17, 2021

By Anusha Vaidyanathan, Sr. Dir. Product Management at Data Secrets

Privacy- and compliance-related technologies have gained traction, especially after the enactment of the European Union’s landmark GDPR in 2018.

Two indicators that drive the adoption of privacy and compliance technologies are invariably linked to security: the fines for non-compliance with regulations, and the cost of data breaches that involve sensitive data.

Companies paid €1.3 billion (USD $1.5 billion) in fines over the last three years. Amazon was recently slapped with a €746 million (USD $888 million) fine for GDPR violations relating to data usage for advertising, while WhatsApp Ireland was fined €193 million (USD $266 million) for using data in ways not adequately disclosed in their privacy notices. In the US, new state-level privacy laws in California, Colorado and Virginia add more regulations and fines for many of the same types of issues covered under the GDPR.

While regulations can have high costs for non-compliance, enterprises also have a variety of security requirements and industry standards that are designed to avoid security breaches and other negative incidents. Rules across the financial industry, like PCI DSS for retail use of credit cards, SOC-2 and ISO 27001 for SaaS companies, are designed to reduce security risks. With the global average cost of a data breach being USD $4.2 million in 2021, regulatory fines are not the only expensive events that can occur with company data.

How do current products address these issues?

Several privacy operations and management tools exist in the arsenal for executives responsible for managing data risk and compliance issues, including privacy leaders, Governance, Risk and Compliance (GRC) professionals, and their executive sponsors and stakeholders. They include tools for conducting risk assessments, managing requests from data subjects, managing web browser cookie consent and preferences, data discovery and inventories, and tools for encryption and anonymization. Many application data management companies are also beginning to build privacy features within development environments and applications, enabling features that assist with managing data-related risks.

However, most of these solutions presume you have end-to-end control of the data. They frequently do not address risks across global and third-party infrastructure, nor do they help with data in motion when the application is running.

Security and data leakage prevention products fill a portion of that gap, focusing on protecting data and providing policy-based access to users, devices, and applications. But even those solutions have gaps, primarily because they do not operationalize the full range of compliance requirements at scale.

What if you could have a solution that could automate all laws and regulations? One that eliminates manual risk analysis and blind spots, assessing risk for a variety of data sources, data at rest, data in motion and data in use across all your data governance requirements? That is what we do at Data Secrets.

Data Secrets enables businesses to get ahead of risks arising from cloud and SaaS applications, and the APIs that are central to those applications, by using artificial intelligence to analyze your environment against the full range of requirements on your data operations. With rulesets derived from applicable laws like CCPA and GDPR, and industry standards like PCI DSS, Data Secrets creates an AI-powered Knowledge Graph to operationalize all your compliance requirements, linking them to near real-time risk assessment and remediation.

How do we do this? It’s a conceptually simple process, but each of the steps involves sophisticated technologies designed to operate at the speed and scale necessary to deliver accurate and timely results for today’s complex enterprises. Across a series of blog posts, we’ll look at many of the key concepts underlying the Data Secrets solutions, but at the highest level, here is how our solution works:

  • We automate your applicable laws, policies, and other requirements (such as contractual obligations) through a policy Knowledge Graph that uses Natural Language Processing (NLP) to convert English-language policies, corporate policies, laws and regulations into actionable code.
  • We trace what we call “Risk Lineage” to show the progression of data risk across multiple API transactions and across diverse entities and platforms.
  • We then analyze those risks, when the data is both at rest and in motion, using a context-aware Risk Analysis and Scoring Engine that uses many inputs such as location, application type, data type, and applicable laws, with continuously self-trained machine learning (ML) models to constantly improve accuracy and performance.

Data Secrets sits alongside existing solutions to fill significant gaps in today’s InfoSec, GRC, Privacy Ops and data management solutions. It integrates with a wide variety of IaaS, SaaS, and cloud native applications to provide low effort, out-of-the-box deployment across complex distributed data environments.

In upcoming parts of this series, we will elaborate on how Data Secrets uses a combination of AI and machine learning techniques, how we measure it and the technical benefits of using this AI-based approach.

In the meantime, if you have any questions about Data Secrets, contact us at info@datasecrets.io.

Data Secrets, a portfolio company of The Hive, enables businesses to get ahead of risks arising from cloud and SaaS applications, and APIs, using artificial intelligence. Our solutions are focused on identifying risk wherever applications are accessing your data — in the public cloud, in SaaS applications, and on-premises — and using rulesets derived from applicable laws (like CCPA and GDPR) to prioritize your risk mitigation tasks. Data Secrets is making privacy risk assessment and data governance more effective by filling a gap in today’s manual and reactive solutions, bringing to market real-time risk monitoring, assessment, and remediation powered by advanced AI. The Data Secrets solutions address the unique data protection challenges of today’s most data intensive industries, including financial services, media, healthcare, information technology, across marketing, sales, customer support automation, and all parts of the digital data supply-chain.
