Use Content Compliance to Meet Data Compliance Requirements.

Under Privacy Regulations, insurance companies must take action to:

Identify risks to covered information

Establish protocols for protecting it

Destroy data that is no longer necessary

 

Active Navigation Discovery Center Supports Your Team’s Processes

Compliance

Data across your network poses regulatory and compliance risks

To mitigate risk, understand what you have, where it is, and who has access to it

GDPR
GDPR
EU General Data Protection Regulations
  • Find sensitive content in dark data: take necessary action to protect it.
  • Investigate on the file level: find protected data types that are missed by other tools.
  • Manage the data at rest: make the DLP more effective for data in motion.
NYCRR
NYCRR
New York Cybersecurity Regulation (23 NYCRR 500)
  • Identify content risk: identify sensitive data, flag it, and take actions to protect it.
  • Reduce ROT: identify and delete unnecessary records to reduce the risk of unauthorized disclosure.
  • Support compliance efforts: deliver data to the DMS with compliance-related metadata.
CCPA
CCPA
California Consumer Privacy Act
  • Inventory personal data: identify consumer information and how it being used.
  • Prepare: additional state regulations are being drafted, proactively prepare for them.
  • Dispose of data as needed: comply with deletion requests from consumers from within the console.
HIPAA
HIPAA
Health Insurance Portability and Accountability Act
  • Identify health files: protect employee and client health information from inadvertent or malicious access.
  • Search with regular expressions: use established patterns to identify sensitive information such as date of birth, Medicare and health insurance numbers, and more.
  • Eliminate obsolete data: reduce risk by maintaining only what you need.

File Analysis is the Right Tool for the Job

Assess security risks and data integrity of unstructured data across information systems

Corporate file shares

Personal file shares

Cloud-based storage accounts

Applies standard and customized data identification rules

Case Study: Active Navigation identifies twice as many sensitive documents as the competition.

Problem

A 125-year-old mutual insurance company was moving their data storage to the Cloud. They needed to identify what they had, what to keep, and what to defensibly dispose of from the data of 1500 employees. In their initial attempt at information identification, they used their current cybersecurity software. The tool only scanned metadata at the folder lever and identified approximately 300,000 files with sensitive data. The company assumed that there were many more files containing sensitive data, so they turned to Active Navigation.

Solution

Active Navigation’s software works at the file level and looks at the content in the files. Our team proposed a proof-of-concept that would review the same 1 million files the previous tool had reviewed, using our contextual analysis technology. While we can customize searches, for the POC we utilized our standard out-of-the-box classification fields for sensitive data identification. From the results, the client would be able to identify all non-archival files and bring all metadata up-to-date on valuable files, prior to the migration.

Results

Active Navigation identified an additional 300 thousand files with sensitive data in the 1 million files scanned. The client assumed that they had missed some data but was shocked that that they had missed so many data points using the other tool. Once the data identification was complete, the client’s team used the Active Navigation software to recategorize documents by applying new metadata.

With the successful POC complete, they moved forward and scanned all 14TB of data on their network drives. Within one month, they had deleted 2.5 TB of redundant, obsolete, or trivial data (ROT).

IT Security

Data-at-rest is an unaddressed cybersecurity risk

You can’t protect it if you don’t know what and where it is

Discovery Center File Analysis Automates the Process

Identifies all unstructured data across the enterprise

Corporate file shares

Personal file shares

Cloud-based storage accounts

Indexes all content

Applies data identification rules

Sorts documents into 3 categories

Start typing and press Enter to search