Guarding data then, now, always.
We were just pups.
Fifteen years ago, the world of data was a much different place.
Spirion founded and initial name was called Velosecure LLC.
Product Launch of on-premises solution “Identity Finder”
Company began dominating Higher EDU field and hired its first Account Executive team
Began penetrating healthcare, state and local governments and research laboratories – in addition to Higher EDU
Heavy shift made to B2B audience and the innovation continued by adding Image Search capability to product offering
Company began expanding its sophisticated data discovery technology to finance, retail, manufacturing and telecommunications
Sensitive Data Classification and scanning of Linux endpoints added and product name re-rebranded to Sensitive Data Manager
Sold to IGI – Company fully rebranded as Spirion – fun fact: SPI stands for sensitive personal information / irion is Celtic for “King” – Spirion is the King of sensitive data protection
Spirion is globally recognized as a leader in sensitive data security after tracking down the lost data from Sony’s December 2014 breach. Spirion’s analysis was used as evidence in a successful class-action lawsuit.
Spirion pivots from pure data discovery to a powerful multi-step solution that minimizes personal data risks by reducing the target and tagging data based on its risk profile and adds Spyglass technology, showing advanced heat mapping of where unprotected sensitive data resides (both structured and unstructured data)
Riverside Private Equity Firm acquires company with strong cloud investment
New CEO, Kevin Coppins, named with focus on shifting company from single cybersecurity product to a multi-product, cloud privacy platform
Spirion enters the cloud and launches Sensitive Data Platform + expands its offerings in both security and privacy by adding a threat monitoring tool and automated DSAR fulfillment. Spirion becomes the single source of truth for sensitive data.
Spirion launches its Governance Suite to combine all Spirion products into one proactive privacy and security posture.
A letter from Billy VanCannon,
Head of Product at Spirion
When it comes to innovation, they teach you in business school to find problems that people are having and solve them. The founders of Spirion, David Goldman and Todd Feinman, were ahead of their time when they saw back in 2006 that personal information on computers was a problem waiting to happen. Their first product was intended for consumers to put on their home computers (right along with anti-virus) to search for personal information so that it could be removed.
It is also taught in business school that you might not always get it exactly right the first time (or second or third), so fail fast and pivot. Todd and David pivoted to higher education, where personal information is needed for enrollment, financing, alumni connections, keeping grades and storing intellectual property. These billions of records were a perfect proving ground for honing discovery algorithms. In 2014, the Sony hack reinforced Todd and David’s belief that personal information was the most important thing to protect. They felt Sony would eventually be fine, but the personal information lost could be damaging to the employees and customers of Sony forever.
The data security and privacy industry has gone through pivots of their own. Back when I was running a SOC at Motorola, the assumption was that you had a physical data center located at headquarters to protect. So you put it on a LAN, dropped a firewall in front of it, installed anti-virus on the Windows machines (it was thought virus weren’t an issue on Linux and Macs were not considered at all), and tracked your logs in a centralize syslog sever that connected to a SIEM. This was the “castle and moat” approach.
The castle-and-moat approach failed (or is failing) for two key reasons. 1. It is easy to get around the moat. Of course, there are sophisticated attackers that can figure out ways directly through the firewall, say when zero-days came along or they spot bad configurations, but it is way easier to use social engineering on the organization’s employees. The primary way is through email where users can be tricked to download malware right into the local network or be tricked into giving up credentials on a fake website. Once in, the bad guys can move around freely for as long as they are careful and exfiltrate data on their own time. 2. The second reason is there is no moat. From the cloud, to BYOD, and now to remote workers, there is no “perimeter” that can be guarded.
The next phase was, and still is, “zero-trust” where we accept that there is no moat and put access controls around the data assets (laptops, servers, databases, IaaS storage, SaaS applications) themselves. This is certainly a step-up in security, but it too has issues. The first issue is how to put access controls on all those assets, and how strong should those controls be? The second issue is the sheer number of resources to implement zero trust is out of reach for most organizations. Finally, zero-trust can lower the “blast-radius” of an attack, but at the end of the day, if an employee downloads malware to their computer, it can still get access to that computer at the least, and maybe through that computer, get access to other assets.
At Spirion, we believe that zero-trust is still key, but believe that the data must be what drives the strategy for implementing security. Finding the data should be the first step in any security or privacy program and filling out questionnaires isn’t good enough. Only by scanning the data can an organization be sure that they are protecting the right assets with the right security. Our customers confirm this with stories of finding millions of credit card or social security numbers on the laptops of people who shouldn’t have them. Most of the time, people are not malicious, they are simply trying to do their jobs. But malicious or not, this proliferation of sensitive data is a real problem and Spirion is here to solve it.
“I remember the very moment I decided to work for Spirion (then, Identity Finder) was during an impromptu interview for an open Sales Engineer position. When Nick described how our search engine worked, and how our AnyFind technology returned matches, I was blown away at how powerful a tool that could be for finding anything.”Rob Server, Field CTO, Spirion
“Spirion is deserving of a Great Place to Work certification because of the tremendous focus the leadership team places on employees. They treat employees as people (rather than commodities) and acknowledge their teams like a family.”Pete Smith, Software Development, Spirion
“The data protection and privacy industry moves at a breakneck pace. Organizations that succeed in this cutting-edge technology area need to innovate their culture along with their product. Spirion understands that the people behind the product matter just as much as the product itself and is positioned to continue to grow in this strong market.”Ryan O'Leary, Research Manager for Privacy and Legal Technology at IDC
“As the company celebrates its 15 year anniversary, the main theme that comes to mind is support, which applies to both our employees and our customers. We hire passionate people that are interested in solving real world problems and we reward and value them for that dedication. Those values can be felt and in turn, translates to our customers as we are consistently told by them that the support we provide makes a noticeable difference in helping their organization succeed.”David Goldman, co-founder, Spirion