In Search of Smarter, Scalable Data Protection

By Ray Everett, Chief Privacy Intelligence Officer, Data Secrets

When the first privacy-centric risk and compliance solutions were hitting the market around 2010, there was great hope that strategic application of the latest technologies would turn the tedium of privacy and data governance into a breeze. Unfortunately, more than a decade later the dreams of truly automated solutions are still largely unfulfilled, leaving privacy professionals not only more work, but with growing blind spots in critical areas of their data environments.

Data transfers across complex webs of cloud and SaaS applications, tangles of APIs, and poor visibility into how data is actually being used both within and outside of the enterprise — these are the things that are keeping too many privacy, security and risk management professionals awake at night.

It is precisely because of these opportunities in the “privacy tech” space that I am so excited to be part of Data Secrets, a company laser-focused on building the next generation of automated compliance solutions to solve the challenges facing enterprise data governance leaders.

When I was appointed in the late 1990s to be the first Chief Privacy Officer of the Internet era, the idea of an executive role dedicated to managing privacy risk and compliance seemed somewhat avant-garde. Two decades later, a job that seemed curious and unique has become a mature profession with more than 50,000 members. As the role has matured, the tools used for privacy and data governance have also evolved, but not quickly enough.

Many companies in the privacy tech space have slick-looking tools for organizing data, making reports, and even managing risk assessment questionnaires. But few offer real-time monitoring of risks. Even fewer deliver insights into why particular activities represent areas of risk. And none offer automated risk analysis and remediation capabilities, requiring substantial manual intervention by subject matter experts for even the most basic risk determinations and remediation efforts.

At Data Secrets, we are building a brilliant team of experts in artificial intelligence, data science, and scalable data architectures. To this deep bench, and with the support of the co-creation studio at The Hive, I am bringing my twenty years of experience designing and building privacy compliance, risk management, and data governance programs for dozens of the largest and most dynamic companies in the world.

My role will be to lead development of products that enable smarter, more scalable methods for identifying risks. Our initial focus is on the kinds of issues that were among the most intractable I faced during my career, specifically: the threats that arise from SaaS applications and APIs, which represent the greatest risks from data leakage, poorly monitored data sharing and unauthorized usage.

Key to properly managing these risks is understanding data lineage, not only within systems like SQL databases, but also across all the cloud-based/cloud-native and SaaS applications used by today’s modern organizations. Using powerful artificial intelligence (AI) based, Data Secrets is building applications that make data governance risks more easily identifiable, quantifiable, and actionable across your entire data ecosystem and beyond.

Our solutions will fill critical gaps in the tools available to today’s enterprise privacy risk and compliance programs, and do it in ways designed for the realities of your workflows. In short, we are building tools that help you focus on the types of threats and challenges that we wrestled with when we were in your shoes.

Too many of the solutions in the market today are built on someone’s idealized vision of a compliance program, and while well-intentioned, they often do not map very effectively to the day-to-day experiences of privacy and risk management stakeholders. This bias is especially apparent in the many flavors of data discovery that nearly every solution touts, as if scanning and cataloging an organization’s many data repositories was the end of the story.

While data discovery is valuable, the far more challenging task is understanding the story — the secrets if you will — that both data lineage and application lineage have to tell.

To do this at scale, you need active monitoring of data sources and destinations, including scrutiny of the ever-expanding collection of APIs that, while core to modern data-intensive organizations, also represent some of the most significant threat vectors facing a data governance program. And beyond merely identifying basic risks or collecting a pile of data flows or monitoring reports, a truly intelligent solution will use AI to better understand and prioritize risk analyses, trigger policy-based risk assessments, and drive in-line solutions to ensure risk remediation can operate at the speed of your business.

Our focus on actively monitoring high-risk applications and APIs, including deep analysis of data lineage across not only repositories like SQL databases but also lineage across your cloud and SaaS applications, the Data Secrets solutions can make an immediate positive impact on your risk posture and confidence in your data operations.

The yawning gap between many of today’s supposed “best-of-breed” risk management tools and the realities of the challenges facing today’s data governance leaders is why this is a great time to be working in the field of privacy tech. And it is why I’m especially thrilled to be a part of building the next generation of intelligent data governance solutions at Data Secrets.