Meet Regulatory Compliance Requirements with File Analysis Software

Under New York Cybersecurity Regulations and other regional regulations, financial services institutions must take specific steps to protect sensitive data:

Identify the location and risks associated with sensitive data

Design systems and processes to protect that information

Defensibly delete non-archival and non-business data

 

Active Navigation File Analysis Supports Your Team’s Processes

Compliance

Unidentified sensitive data poses regulatory and compliance risks

You can mitigate risk. Discovery where files are stored, what information they contain, and who has access to them.

SEC
SEC
Security and Exchange Commission
  • Prepare for incident disclosure: maintain an up-to-date content map to quickly determine the extent of an incident.
  • Meet the Board’s oversight requirements: proactively identify and manage cybersecurity risks throughout the organization.
  • Support cybersecurity risk management policies and procedures: make file analysis an ongoing part of your protocols.
GDPR
GDPR
EU General Data Protection Regulations
  • Find sensitive content in dark data: take necessary action to protect it.
  • Investigate on the file level: find protected data types that are missed by other tools.
  • Manage the data at rest: make the DLP more effective for data in motion.
NYCRR
NYCRR
New York Cybersecurity Regulation (23 NYCRR 500)
  • Identify content risk: identify sensitive data, flag it, and take actions to protect it.
  • Reduce ROT: identify and delete unnecessary records to reduce the risk of unauthorized disclosure.
  • Support compliance efforts: deliver data to the DMS with compliance-related metadata.
CCPA
CCPA
California Consumer Privacy Act
  • Inventory personal data: identify consumer information and how it being used.
  • Prepare: additional state regulations are being drafted, proactively prepare for them.
  • Dispose of data as needed: comply with deletion requests from consumers from within the console.

File Analysis is the only tool designed specifically to perform these functions automatically

Identifies all unstructured data across the enterprise

Corporate file shares

Personal file sharing

Cloud-based storage accounts

Indexes all content

Applies standard and customized data identification rules

Case Study: Ameritas automates its data retention and sensitive data protection processes with a single Active Navigation tool.

Problem

This project was two pronged:

First – Ameritas was storing unstructured data that represent a potential business risk, particularly given the sensitive data being held within the organization. In 2017, Ameritas initiated a pilot project to address the problem of file share sprawl. The goal of the pilot project was to implement a technology that could help them understand and manage the unstructured content in file share repositories and ensure compliance with the organization’s Records Retention Schedule. (In the past, these tasks had been performed manually, which was time consuming and cost-prohibitive.

Second – Once the State of New York issued the New York Cybersecurity Regulation (23 NYCRR 500), Ameritas needed to identify PII, PHI, PCI, etc. in order to comply with the new regulations.

Solution

For the first task, Ameritas partnered with Active Navigation to leverage our capabilities for analysis, indexing, searching, tracking and reporting on file metadata to enable file cleanup. This was underpinned by user coordination workshops and a defined records coordinator business process that would provide consistency across all divisions. After this phase, Ameritas would be able to put new processes into place to ensure ongoing compliance.

For the second task, the focus would shift to the identification of sensitive data, which meant utilizing detailed textual content analysis, rather than just metadata review. Active Navigation’s consultants worked closely with the Ameritas team to ensure the searches would identify all sensitive data.

Results

The vast majority of time-consuming manual checks were eliminated from Ameritas’ records management processes. Risk exposure, storage space, and the associated support were reduced. And, the company is able to ensure compliance with the New York DFS regulations.

Tom Robertson, manager – electronic records at Ameritas was pleased that one tool could solve both problems, “When the New York regulation came into play, we shifted our primary focus to sensitive data. The bonus is that we’re able to use the same tool to manage that compliance. When the direction changed, we were able to respond quickly because we already had the tool in place.”

The numbers

  • 95% of the files that had previously required human review were successfully reviewed with the Active Navigation software.
  • 82% of files in a business location were identified as surplus to requirements and remediated using the software.
  • 87% of files that met the 10-year retention were disposed. The remaining 13% have been retained to meet business needs.

IT Security

Data-at-rest, especially dark data, is an unaddressed cybersecurity risk

Discover what you have, to effectively protect it

Use Active Navigation File Analysis to Automate the Process

Identifies all unstructured data across the enterprise

Corporate file shares

Personal file sharing

Cloud-based storage accounts

Indexes all content

Analyzes using standard and customized data identification rules

Sorts documents into 3 categories

Start typing and press Enter to search