Closing Key Data Protection and Compliance Gaps

Dynamic Data Redaction Coupled With Real-Time Controls Offers a Powerful Data Protection Solution. 

In my last blog I discussed a common and dangerous gap in data protection, the Inference Gap, and how Teleran’s Dynamic Data Redaction capability addresses this security and compliance risk. This risk especially applies to ad hoc query application environments like data warehouses or enterprise applications where authorized users can access the database via more powerful analytical tools.

Flexible, Powerful BI and Analytical Tools Open Up Data Protection Threats

Teleran’s data protection solution adds another layer of real-time control. It prevents a wide range of inappropriate queries from even reaching the database. A critical data protection and compliance gap in ad hoc query environments arises when users launch “wildcard” queries from powerful BI and analytical applications. These queries essentially ask for all the data in a database table, including sensitive column data, without naming any column. Typical dynamic redaction or masking may not stop that.

Real-time Data Protection Controls and User Guidance

If I queried all the data in a table that also includes a Social Security number column, Teleran would block my query and immediately send an intelligent message back to me, within my application, telling me I can’t run unspecified, or wildcard, queries like that. I am directed to name specific data elements in my information request or query. In other words, the Teleran system won’t let me knowingly, or unknowingly, defeat the data protection controls. And, if I am an authorized user, this messaging informs and guides me so that I understand the policy and stay in compliance.

Real-Time Data Protection Messages Guide and Inform Application Users to be in Compliance

Real-Time Application User Messages Inform and Guide Authorized Users to Understand Policies and Be in Compliance

This real-time messaging system lets customers specify their own error messages, which are returned automatically to that particular user’s client application in the native database error message stream. In addition, Teleran can send an alert to a security team or compliance team when these kinds of attempts are detected.

Combining Dynamic Data Redaction with Other Data Protection Capabilities Closes Critical Gaps

Security in general, and data protection in particular, requires a layered approach to be effective, so Teleran’s solution complements capabilities such as encryption. For example, encryption protects data from outside attack, but it does little to prevent an authorized insider who has decrypted access to the data from misusing sensitive data in the database. Teleran’s Data Protection delivers a fine-grained approach to protecting sensitive data from the insider threat. Its capabilities include 24 by 7 usage tracking and auditing to identify suspicious or inappropriate behavior, audit reporting, and a sophisticated patented policy action engine that can prevent a wide range of inappropriate behaviors in real time.

This policy action engine solves the inferencing problem mentioned above. It can also prevent someone from changing or manipulating the data in the database, or even stop someone from opening up a sensitive data table or column to others by preventing a grant-to-public SQL command. I should mention that Teleran automatically generates these kinds of strong controls around the use of sensitive data regardless of the application. It can drop into any database application environment and immediately protect the data without having to spend integration time or resources building these controls into the application. So, the idea is to protect the sensitive data, but at the same time, give authorized users productive and unencumbered but appropriate access to the data they need to run their business.
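The two checks described above, refusing a wildcard query that touches a table with sensitive columns and refusing a grant to PUBLIC on such a table, sketched as a pre-execution gate. This is an added example, not Teleran's implementation; the catalog, table names and message text are hypothetical, and the regex matching is a deliberate simplification of real SQL parsing.

```python
import re

# Constructed catalog: table -> columns flagged sensitive (hypothetical names).
CATALOG = {"customers": {"ssn", "card_number"}, "orders": set()}

SELECT_LIST = re.compile(r"\bselect\s+(?:distinct\s+|all\s+)?(.*?)\s+from\b", re.I | re.S)
TABLE_REF = re.compile(r"\b(?:from|join)\s+([\w.]+)", re.I)
GRANT = re.compile(r"^grant\s+.+?\s+on\s+(?:table\s+)?([\w.]+)\s+to\s+(.+)$", re.I | re.S)
STAR = re.compile(r"(?:[\w.]+\.)?\*")  # "*" or "alias.*", but not "count(*)"


def sensitive_tables(names, catalog):
    """Names (optionally schema-qualified) that have flagged columns."""
    bare = {n.split(".")[-1].lower() for n in names}
    return sorted(t for t in bare if catalog.get(t))


def check_statement(sql, catalog=CATALOG):
    """Return (allowed, message); the message is what the user would see."""
    stmt = sql.strip().rstrip(";").strip()
    grant = GRANT.match(stmt)
    if grant:
        grantees = set(re.split(r"[\s,]+", grant.group(2).lower()))
        hit = sensitive_tables([grant.group(1)], catalog)
        if "public" in grantees and hit:
            return False, f"Policy: {hit[0]} holds sensitive data and cannot be granted to PUBLIC."
        return True, "ok"
    # Any select list (including in a subquery) with "*" or "alias.*" is a wildcard.
    wildcard = any(
        STAR.fullmatch(item.strip())
        for m in SELECT_LIST.finditer(stmt)
        for item in m.group(1).split(",")
    )
    # Conservative: aliases are not resolved, so a wildcard anywhere in a
    # statement that references a sensitive table is refused.
    hit = sensitive_tables(TABLE_REF.findall(stmt), catalog)
    if wildcard and hit:
        return False, (f"Policy: wildcard queries on {hit[0]} are not allowed. "
                       "Name the columns you need.")
    return True, "ok"
```

An aggregate such as `count(*)` and a wildcard on a table with no flagged columns both pass, so only requests that would return sensitive columns unnamed are refused.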

Automating Sensitive Data Discovery Maximizes Data Protection Coverage

There are some things that our customers indicated are important to them right up front. One is to help them discover what sensitive data is in their databases and how it is used. We know that in organizations today there are databases all over the organization supporting many different business functions and applications, so sensitive data can be spread throughout the organization. We therefore developed an easy-to-use sensitive data discovery tool that automatically interrogates databases and identifies those columns that are likely to have sensitive data in them. The system presents the sensitive data columns back to the client, who can then confirm their sensitivity.

Pre-Built Scripts Automatically Identify Sensitive Data for Leading Data Protection Regulations Such as PCI, HIPAA and GDPR

Data Discovery identifies sensitive data with pre-built regex scripts specific to leading data protection regulations such as PCI, HIPAA and GDPR
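Regex-based discovery of the kind described above, as an added example that is not Teleran's tool or its scripts: it samples each column, applies a few illustrative patterns, and returns candidate columns for a person to confirm. The patterns, the 80% threshold, and the table and its fake values are assumptions; the Luhn check shows why a digit pattern alone is not enough for card numbers.

```python
import re
import sqlite3

SSN = re.compile(r"(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}")
CARD = re.compile(r"\d(?:[ -]?\d){12,18}")  # 13-19 digits, optional separators
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}")


def luhn_ok(value):
    """Luhn checksum: filters out digit runs that merely look like a card number."""
    digits = [int(c) for c in value if c.isdigit()][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0


DETECTORS = {
    "ssn": lambda v: bool(SSN.fullmatch(v)),
    "payment_card": lambda v: bool(CARD.fullmatch(v)) and luhn_ok(v),
    "email": lambda v: bool(EMAIL.fullmatch(v)),
}


def discover(conn, sample=100, threshold=0.8):
    """Return {(table, column): label} for columns whose sampled values mostly match."""
    found = {}
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for col in [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]:
            rows = conn.execute(
                f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?', (sample,))
            values = [str(r[0]).strip() for r in rows]
            for label, test in DETECTORS.items():
                if values and sum(map(test, values)) / len(values) >= threshold:
                    found[(table, col)] = label
    return found


def demo_db():
    """Constructed sample data; every value is a fake or published test number."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, contact TEXT, tax_ref TEXT, pay_ref TEXT, order_no TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
        (1, "ann@example.com", "078-05-1120", "4111 1111 1111 1111", "4111111111111112"),
        (2, "bob@example.org", "219-09-9999", "5555-5555-5555-4444", "1234567890123456"),
    ])
    return conn
```

`discover(demo_db())` flags `contact`, `tax_ref` and `pay_ref` from their values despite the neutral column names, and leaves `order_no` alone because its 16-digit values fail the checksum.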

Automatically Generating Sensitive Data Redaction and Data Protection Policies

Another capability that customers said was critical to them is automation. The Teleran system goes one step further and automatically creates specific redaction policies or query-blocking policies that can be immediately applied to protect their sensitive data. This saves our customers a lot of time, gets the job done faster, and, quite frankly, more accurately than relying on a manual process. As you know, anything that can speed time-to-protection is critical today.

Teleran Automatically Creates Real-Time Data Protection and Redaction Policies From Data Discovery

Automated Data Protection Policy Generation Maximizes Protection

 

Integrating Comprehensive Audit and Analysis 

Another critical component of the Teleran Data Protection solution is an unobtrusive method for tracking and analyzing all transactions without any overhead on the database. The Teleran system can identify up front who is accessing what sensitive data, how they are doing it, and whether they are truly authorized to do so. The analysis solution guides the application of additional data protection policies as query patterns change and as the data changes. It also identifies suspicious or potentially malicious activity over time that needs to be investigated or stopped.

Redaction is very important, but it is just one of several critical functions that Teleran has integrated into a comprehensive solution for protecting data and ensuring regulatory compliance in dynamic application and database environments.

To learn more about Teleran’s Data Protection and Compliance software solution click here.


 
