Just like Dave, consumers and employees everywhere are required to share their personal information (Social Security numbers, driver’s license, credit card details) with third-party vendors and organizations. With comprehensive data protection laws either now on the books, like the EU General Data Protection Regulation (GDPR), or soon to be, such as the California Consumer Privacy Act (CCPA), some may assume that personal information will naturally receive the protection it deserves. Multiple data protection failures at hotel chains, social media companies, and retailers over the past 18 months; however, have demonstrated otherwise.
"We enable our customers to identify their core sensitive data, know its whereabouts, and implement proper protection protocols that ensure privacy"
According to Kevin Coppins, president and CEO of Spirion, organizations that equally prioritize both data privacy (the process of defining and restricting access to personally identifiable information to authorized parties) and data protection (implementing initiatives to secure data against unauthorized access) are more likely to succeed in protecting what matters most – securing customer and employee private information.
However, many organizations are in the pursuit of complying with a wave of new data protection regulations, which not only costs them plenty of resources and human capital but can divert their focus from data privacy. Some of these regulations include:
• California’s Internet of Things (IoT) statute, which mandates security for internet-connected devices;
• Vermont’s law regulating data brokers; and
• Colorado’s data breach law, which requires companies to impose data protection standards on their third parties.
The truth is, compliance is only the beginning of helping companies shine a spotlight on protecting what matters. These laws are intended to help companies prioritize and focus on the riskiest areas of their organization. Compliance is the first critical step for organizations into developing a robust security model that would eventually evolve to prevent reputational, legal, and financial risks.
“Therefore, I believe that it is crucial to focus on the important pieces that matter, the sensitive data that needs to be handled and managed in the most trustworthy manner, once this data is identified and secured, it further substantiates and strengthens the role of compliance within an organization's data security structure,” adds Coppins.
Empowering organizations with this ability and a laser focus on protecting ‘what matters’ is at the heart of the Spirion solution. As pioneers in designing the critical first steps of data security and privacy, Spirion specializes in providing data discovery, classification, and behavior analytics and services for its customers and partners.
Recently, Spirion helped California-based credit union, Patelco, maintain Payment Card Industry (PCI) compliance. For Patelco, accurate data classification was a non-negotiable endeavor as the company needed to meet additional PCI compliance requirements before the deadline. Against this backdrop, Patelco decided to take a privacy-first approach by inventorying and classifying all its data and attaining full visibility to determine strategic protections and actions. Spirion’s proprietary solution allowed Patelco to locate all its sensitive data, including PCI data stored on endpoints, servers, and databases. The company also reduced the total number of locations containing sensitive data making compliance easier and less expensive. With the help of Spirion, Patelco managed to meet specific regulations and took proactive action to maintain compliance on a tight deadline. After locating the data, rules were put in place to govern how and where compliance data was allowed to be stored and handled.
We help CIOs kick-start the most optimal approach to compliance by finding all the sensitive personal data stored across their enterprise and classifying it according to their business rules, allowing them to effectively protect and manage what matters to them and to their customers
As a result, Patelco was able to easily automate the protection of PCI data as required by the compliance regulation and also regularly generate compliance artifacts needed to pass internal and external audits. At the end of this journey, Patelco inventoried and classified its full slate of data, ensured where all its data was located and implemented procedures to govern it better, reduce risks, and meet compliance standards. This venture also enabled Patelco to leverage Intel Security’s McAfee ePO endpoint technology for corporate policy enforcement. In a feedback testimonial, Brent Gifford, CISO at Patelco, mentioned, “Spirion provides the necessary data to update our CEO and CIO with more detailed metrics, process review findings, compliance updates, and organizational status updates. Combined with Intel Security’s McAfee DLP, it’s a perfect marriage.”
Where It All Began
Todd Feinman and David Goldman founded Spirion when the duo discovered that the real victims of enterprise data breaches were always the people. Businesses incur losses and move on, hopefully learning a lesson and improving privacy and security. However, the victimized people suffer for years to come, and in the case of national identifiers like a Social Security Number, that is a lifetime.
Coppins says, "We enable our customers to identify their core sensitive data, where it is stored, who has access, when it was used and justify security investments to implement proper protection protocols that ensure privacy."
Bookmarking Success Along the Way
To highlight Spirion’s expertise in effectively controlling sensitive data to ensure privacy, Coppins shares the story of athenahealth, a provider of network-enabled services for healthcare and point-of-care mobile apps that sought Spirion’s help to maintain its culture of security and privacy at all endpoints.
athenahealth needed to locate and secure PHI to achieve several goals, including reducing data risks, increasing user awareness, and meeting HIPAA and HITECH compliance requirements.
After deploying Spirion as the data privacy engine of its endpoint HIPAA and HITECH security compliance, athenahealth had more knowledge of its sensitive data, where it was located, and who had access by eliminating the blindspots inherent to most security tools such as data in motion, DLP, whole disk encryption, and user behavior activity software. By combining the knowledge of where private data existed and the use of security tools, the company limited its exposure and brought them closer to regulatory requirements.
With Spirion’s expertise, athenahealth automatically discovered and classified medical record numbers, social security numbers, credit card numbers, insurance numbers, and ICD 9 and 10 codes spanning all servers and endpoints, with best-in-class accuracy and optimized security compliance.
Customer Centricity at its Core
Spirion’s success is tied to the level of accuracy that its solution offers its customers. Spirion achieves its results through customer-focused innovation. Through this spirit of innovation, the company continues to develop distinct security features that ultimately position it ahead of the curve. Catering to a wide range of customers, Spirion is aware of the struggle to keep up with the growing number of security tools and solutions in the market. To reduce the technical complexity for its customers, the company targets its offerings in the direction of simplifying the security and making it more manageable for the customer. Additionally, Spirion offers broader coverage by integrating with multiple platforms, including cloud storage, big data platforms, and Windows, mac OS and Linux —a universal advantage that brings Spirion significantly closer to customers. “More than being ‘happy’ with Spirion, our goal is to ensure our customers’ privacy initiatives are successful,” adds Coppins.
Today, as the modern corporate world becomes more aligned to the technical and lucrative aspects of businesses, Spirion carves a niche in focusing its expertise on strengthening the data privacy and protecting the integrity and identity of individuals and companies alike.
Undeniably, in the digital economy, disasters like cyber-attacks and data breaches are inevitable. However, according to Coppins, it is not a matter of 'if' but a matter of 'when' a disaster strikes and at that time knowing where one is at risk, will minimize the damage. “We help companies know what's at risk before a disaster strikes. We provide the technology to automate and simplify the process of protecting the data that matters so that when a disaster strikes, the business can protect the people,” concludes Coppins.
Spirion Releases Data Privacy Framework to Help Protect Sensitive Information Better
Spirion Extends Proven Data Privacy Manager Platform on to the Cloud revealing new holistic data privacy framework to help the organizations to detect better and protect sensitive information.
FREMONT, CA: Spirion master in building solutions enables the companies around the world to take the critical first step towards data security and privacy, announced the release of its brand new SaaS platform, Data Privacy Manager. This new cloud platform is built upon Spirion's proven architecture implemented on-premise by several businesses, agencies, and universities to protect the privacy of more than 50 million individuals.
Spirion Helps TaxSlayer® Maintain Business Continuity During COVID-19 Work From Home Order and Height of Tax Season
ST. PETERSBURG, Fla. - Spirion, the leader in data protection solutions, today announced the successful deployment of its data protection platform at TaxSlayer. Spirion gave the cloud-based DIY tax preparation software company greater agility to rapidly and securely transition its staff to work from home (#WFH), helping them maintain business continuity during the country’s Coronavirus lockdown, which was also their busiest time of the year.
On April 2, Georgia Governor Brian Kemp issued a statewide shelter-in-place order, less than two weeks before the country’s annual tax filing deadline. Within 48-hours of the mandate, Augusta, Georgia-based TaxSlayer transitioned its 300 seasonal call center staff and 200 permanent employees to work remotely, processing millions of consumer tax returns while ensuring that all filings were secure—from the point of entry, through processing, and to the data center.
Having implemented Spirion before the state’s shelter-in-place order, TaxSlayer is confident that consumers’ personal data does not live on employee workstations, but instead, is secure in their data center. Seasonal tax specialists can safely work from home since each laptop has a Spirion agent, which either locks personal data down on the endpoint or remediates the information.
“Spirion is the perfect solution and something for which we have been actively searching for a long time, even trying several alternatives, but without finding the right tool for our needs,” said Michael Blache, TaxSlayer’s Chief Information Security Officer. “Spirion provides the level of protection we need without negatively impacting productivity. Employees used to complain about previous products that we tried to implement because they would disrupt their work. With Spirion, those complaints have dropped to zero.“
“We are pleased to have helped TaxSlayer maintain business continuity during such an unprecedented event as our country’s Coronavirus lockdown,” said Jason Abbott, Spirion’s Director of Global Channel Sales and Alliances. “By automating their privacy process in a frictionless manner, TaxSlayer can protect what matters the most—the personal data of their customers and staff—while maximizing employee productivity and managing enterprise risk, freeing Michael and his team to focus on other critical business needs.”
Looking to the future, TaxSlayer will continue working with Spirion to expand its auditing of personal data, as well as scanning structured data in their SQL databases to ensure that it is following their internal policies.