July 28, 2020
It’s not just data sprawl and privacy breaches that pose a risk to your business: data privacy regulations are also increasing, and companies must keep up with the changes and prepare to act as new regulations emerge. An article in Security Intelligence says, “the rate of change is overtaking the capacity to respond and maintain data privacy compliance.”
Only a scalable data privacy management tool can help you locate and reduce your sensitive data as you grow.
What to look for in a scalable data privacy management solution
When your organization is choosing software to manage its data privacy, there are many factors to consider, including several that can affect scalability.
Don’t sacrifice accuracy for speed
Traditional data discovery scans can take too much valuable time to yield accurate results. Instead, some data and compliance professionals, under pressure to save time, trust a tool that moves faster while also sacrificing accuracy, omitting certain locations, and missing context.
These design choices don’t result in thorough discovery: they yield false positives or, even worse, false negatives, leaving gaps in location coverage. They also fail to provide the depth of information required to understand the context of the data found, resulting in concerns over accurate compliance with privacy regulations.
Choose a hybrid of agent-based and centralized scanning
One of the questions information security professionals wrestle with in selecting a tool for data privacy management is whether to choose an agent-based or agentless (centralized) solution.
Some discovery solutions offer only agentless scanning, where all data is read by a single centralized deployment of cloud-based software. While this centralized approach can be simpler to deploy and maintain, it may also have significant limitations and performance issues, including:
- Network contention and congestion on internal LANs, across firewalls, and during transit of Internet connections.
- Consumption of excessive Internet bandwidth needed by other critical functions like off-site backups and other SaaS applications.
- Significant cloud repository egress fees may be incurred when data is scanned in a cloud repository without using an agent within or directly adjacent to the cloud repository.
In most cases, a hybrid of agent-based and centralized scanning provides optimal flexibility and scalability for data privacy management. The best option deploys agents where necessary while still providing robust centralized, automated, and highly scalable agentless scanning options for consistently high performance and comprehensive discovery.
Minimize false positives and false negatives
Both false positives and false negatives cause harmful inefficiencies for data privacy management. While false positives may be frustrating and time-consuming, false negatives are a real liability, especially when scanning to support regulatory compliance efforts. False positives flood the system with meaningless information, while false negatives leave gaps in coverage.
Keep in mind bandwidth, capacity, and contention
Bandwidth and capacity are also a concern for managing data privacy due to the high volume of data. To compensate, keeping the scanning software or agent as close to the data as possible can greatly reduce bandwidth requirements and avoid contention with other users.
Scalability and performance with Spirion’s Data Privacy Manager
Spirion’s Data Privacy Manager (DPM) allows for the use of the most appropriate scanning method for the task at hand to avoid compromises and maximize the total ROI. Local agents can be deployed directly on servers and PCs where advantageous. Meanwhile, cloud agents can be used to scan repositories and/or a combination of cloud and on-premises locations.
On-prem agents are usually deployed to on-premises workstations, PCs, servers, or other local platforms. They make highly effective use of local compute resources and the high-bandwidth, low-contention storage buses connecting disk drives to the server or PC they are running on. Because only the scan results are returned to the DPM Console, on-prem agents greatly reduce network bandwidth and contention issues.
Cloud agents, running on the Azure platform, work from a shared global search history, so they are aware of what other agents have already scanned. This eliminates duplicative rescanning while ensuring a complete and thorough scan.
Cloud agents can be automatically added or destroyed, and groups of cloud agents can be launched as an agent team wherever needed. This offers time and cost efficiencies with no pre-configuration overhead or dedicated hardware requirements.
Cloud Watcher is similar to a cloud agent but, rather than performing scans on demand or based on a preset schedule, Cloud Watcher starts a new scan by a cloud agent whenever a cloud repository API indicates the presence of new or changed data. This capability improves the performance and scheduling impact of scanning for new or changed data by only scanning when necessary.
By combining sets of cloud agents or on-prem agents into an agent team, DPM breaks the work into small segments, allowing for distributed or parallelized scanning that greatly reduces overall scan times. Agent teams are fully automated and highly scalable: you simply select a set of agents to use and DPM figures out how to divide and distribute the scan process across them, sharing a global scan history to ensure that no work is duplicated. As additional agents configured for the scan become available, they check a queue for the next available scan portion and begin scanning immediately.
Data Privacy Manager offers the choice to deploy agents where necessary while still providing robust centralized, automated, and highly scalable agentless scanning options for consistently high performance and comprehensive discovery.