Spirion: Protecting What Matters Most–Sensitive Data

Follow Spirion on :

Kevin Coppins, President & CEO Like any millennial, Dave has learned to live with the unsaid conditions of conducting business in the modern digital world. Nearly every business engagement requires that he share his private information in exchange for more personalized service and support. Indeed, it has become the norm for organizations to collect massive amounts of data from customers, but it all seems dubious to Dave, who has no means to determine the whereabouts and course of his data after it leaves him.

Just like Dave, consumers and employees everywhere are required to share their personal information (Social Security numbers, driver’s license, credit card details) with third-party vendors and organizations. With comprehensive data protection laws either now on the books, like the EU General Data Protection Regulation (GDPR), or soon to be, such as the California Consumer Privacy Act (CCPA), some may assume that personal information will naturally receive the protection it deserves. Multiple data protection failures at hotel chains, social media companies, and retailers over the past 18 months; however, have demonstrated otherwise.

"We enable our customers to identify their core sensitive data, know its whereabouts, and implement proper protection protocols that ensure privacy"

According to Kevin Coppins, president and CEO of Spirion, organizations that equally prioritize both data privacy (the process of defining and restricting access to personally identifiable information to authorized parties) and data protection (implementing initiatives to secure data against unauthorized access) are more likely to succeed in protecting what matters most – securing customer and employee private information.

However, many organizations are in the pursuit of complying with a wave of new data protection regulations, which not only costs them plenty of resources and human capital but can divert their focus from data privacy. Some of these regulations include:
• California’s Internet of Things (IoT) statute, which mandates security for internet-connected devices;
• Vermont’s law regulating data brokers; and
• Colorado’s data breach law, which requires companies to impose data protection standards on their third parties.

The truth is, compliance is only the beginning of helping companies shine a spotlight on protecting what matters. These laws are intended to help companies prioritize and focus on the riskiest areas of their organization. Compliance is the first critical step for organizations into developing a robust security model that would eventually evolve to prevent reputational, legal, and financial risks.

“Therefore, I believe that it is crucial to focus on the important pieces that matter, the sensitive data that needs to be handled and managed in the most trustworthy manner, once this data is identified and secured, it further substantiates and strengthens the role of compliance within an organization's data security structure,” adds Coppins.

Empowering organizations with this ability and a laser focus on protecting ‘what matters’ is at the heart of the Spirion solution. As pioneers in designing the critical first steps of data security and privacy, Spirion specializes in providing data discovery, classification, and behavior analytics and services for its customers and partners.
Coppins says, “We help CIOs kick-start the most optimal approach to compliance by finding all the sensitive personal data stored across their enterprise and classifying it according to their business rules, allowing them to effectively protect and manage what matters to them and to their customers.” To date, the company has catered to multiple industry verticals including retail, financial services, healthcare, education, and telecommunications, with a track record of enabling thousands of organizations worldwide to gain stronger command and control of their data security and privacy. It is a no-brainer that companies that have been demonstrating respect for their customer data are, in turn, recognizing an increase in brand trust and market value.


We help CIOs kick-start the most optimal approach to compliance by finding all the sensitive personal data stored across their enterprise and classifying it according to their business rules, allowing them to effectively protect and manage what matters to them and to their customers

Recently, Spirion helped California-based credit union, Patelco, maintain Payment Card Industry (PCI) compliance. For Patelco, accurate data classification was a non-negotiable endeavor as the company needed to meet additional PCI compliance requirements before the deadline. Against this backdrop, Patelco decided to take a privacy-first approach by inventorying and classifying all its data and attaining full visibility to determine strategic protections and actions. Spirion’s proprietary solution allowed Patelco to locate all its sensitive data, including PCI data stored on endpoints, servers, and databases. The company also reduced the total number of locations containing sensitive data making compliance easier and less expensive. With the help of Spirion, Patelco managed to meet specific regulations and took proactive action to maintain compliance on a tight deadline. After locating the data, rules were put in place to govern how and where compliance data was allowed to be stored and handled.

As a result, Patelco was able to easily automate the protection of PCI data as required by the compliance regulation and also regularly generate compliance artifacts needed to pass internal and external audits. At the end of this journey, Patelco inventoried and classified its full slate of data, ensured where all its data was located and implemented procedures to govern it better, reduce risks, and meet compliance standards. This venture also enabled Patelco to leverage Intel Security’s McAfee ePO endpoint technology for corporate policy enforcement. In a feedback testimonial, Brent Gifford, CISO at Patelco, mentioned, “Spirion provides the necessary data to update our CEO and CIO with more detailed metrics, process review findings, compliance updates, and organizational status updates. Combined with Intel Security’s McAfee DLP, it’s a perfect marriage.”

Where It All Began

Todd Feinman and David Goldman founded Spirion when the duo discovered that the real victims of enterprise data breaches were always the people. Businesses incur losses and move on, hopefully learning a lesson and improving privacy and security. However, the victimized people suffer for years to come, and in the case of national identifiers like a Social Security Number, that is a lifetime.
Feinman and Goldman found it incredibly shocking when organizations did not know the location or usage of their most sensitive data. The suboptimal tools and approaches in the industry left a considerable gap at best, but at worst gave a false sense of security, and the biggest offenders of relying on those tools were the companies that showed up as data breach headlines every week.

Coppins says, "We enable our customers to identify their core sensitive data, where it is stored, who has access, when it was used and justify security investments to implement proper protection protocols that ensure privacy."

Bookmarking Success Along the Way

To highlight Spirion’s expertise in effectively controlling sensitive data to ensure privacy, Coppins shares the story of athenahealth, a provider of network-enabled services for healthcare and point-of-care mobile apps that sought Spirion’s help to maintain its culture of security and privacy at all endpoints.

athenahealth needed to locate and secure PHI to achieve several goals, including reducing data risks, increasing user awareness, and meeting HIPAA and HITECH compliance requirements.

After deploying Spirion as the data privacy engine of its endpoint HIPAA and HITECH security compliance, athenahealth had more knowledge of its sensitive data, where it was located, and who had access by eliminating the blindspots inherent to most security tools such as data in motion, DLP, whole disk encryption, and user behavior activity software. By combining the knowledge of where private data existed and the use of security tools, the company limited its exposure and brought them closer to regulatory requirements.

With Spirion’s expertise, athenahealth automatically discovered and classified medical record numbers, social security numbers, credit card numbers, insurance numbers, and ICD 9 and 10 codes spanning all servers and endpoints, with best-in-class accuracy and optimized security compliance.

Customer Centricity at its Core

Spirion’s success is tied to the level of accuracy that its solution offers its customers. Spirion achieves its results through customer-focused innovation. Through this spirit of innovation, the company continues to develop distinct security features that ultimately position it ahead of the curve. Catering to a wide range of customers, Spirion is aware of the struggle to keep up with the growing number of security tools and solutions in the market. To reduce the technical complexity for its customers, the company targets its offerings in the direction of simplifying the security and making it more manageable for the customer. Additionally, Spirion offers broader coverage by integrating with multiple platforms, including cloud storage, big data platforms, and Windows, mac OS and Linux —a universal advantage that brings Spirion significantly closer to customers. “More than being ‘happy’ with Spirion, our goal is to ensure our customers’ privacy initiatives are successful,” adds Coppins.

Today, as the modern corporate world becomes more aligned to the technical and lucrative aspects of businesses, Spirion carves a niche in focusing its expertise on strengthening the data privacy and protecting the integrity and identity of individuals and companies alike.

Undeniably, in the digital economy, disasters like cyber-attacks and data breaches are inevitable. However, according to Coppins, it is not a matter of 'if' but a matter of 'when' a disaster strikes and at that time knowing where one is at risk, will minimize the damage. “We help companies know what's at risk before a disaster strikes. We provide the technology to automate and simplify the process of protecting the data that matters so that when a disaster strikes, the business can protect the people,” concludes Coppins.

Company
Spirion

Headquarters
St. Petersburg, FL

Management
Kevin Coppins, President & CEO

Description
Spirion is a pioneer in designing the critical first step of data security and privacy. With its data discovery, classification, and behavior software and services, Spirion is able to position its customers and partners for unparalleled security and compliance. Since 2006, Spirion has equipped thousands of organizations worldwide to gain stronger command and control of their data security and compliance. Today, Spirion is installed across multiple industries — including financial services, healthcare, education, and defense. Spirion is dedicated to its partners and considers them as an extension of its sales team. By focusing on customized tools for sales, marketing, and technical support, the company provides the right equipment for success

Spirion