Detecting and protecting the vast amounts of sensitive data enterprises control is a huge challenge, especially as cloud adoption rises and the Internet of Things (IoT) expands. And that was before the rapid emergence of generative AI.
Now, the problem is even worse -- organizations are putting more personally identifiable information (PII) into models and platforms. According to a report by Menlo Security a year ago, attempts to put such information into generative AI platforms accounted for 55% of data loss prevention (DLP) events. Confidential documents made up 40% of input attempts that triggered DLP detections, the cybersecurity company found.
But now, data management company Komprise is attempting to address the issue -- or, at least make it easier and faster to find and flag that PII so it can be moved and protected. The company is adding new capabilities to its Komprise Smart Data Workflow Manager that will allow enterprises and MSSPs to use regular expressions and keywords to automate the work of finding and tagging sensitive data and moving it to locations where it can be protected.
“Komprise’s intelligent data management capabilities directly address the growing PII challenge by allowing organizations to identify PII across storage silos,” Brian Hartwell, vice president of worldwide partner sales for Komprise, told MSSP Alert, adding that the new features help “MSSPs and their customers discover and categorize PII, no matter where it resides – in on-premises storage or across multiple cloud environments. This ability to identify sensitive data at scale is foundational for building a robust cybersecurity posture.”
Bad Actors Target PII
Threat groups are increasingly targeting such sensitive information because of its high value for extortion schemes, resale on the dark web, and its usefulness in gaining initial access into targeted systems, Hartwell said.
Organizations that want to expand their cybersecurity capabilities can use Komprise’s expanded functionality to better bridge the gap between data storage and security by making PII more manageable, secure, and compliant, he said.
“For MSSPs and MSPs, this means an opportunity to offer enhanced services that address both the technical and compliance aspects of data security,” Hartwell added.
Getting Control of Sensitive Data
PII is a tricky problem for organizations to solve, according to Anshu Sharma, co-founder and CEO of Skyflow, which builds a privacy fabric across a company’s technology stack. In a blog post last year, Sharma noted a report by the Institute of Directors and Barclays that found that more than 40% of businesses don’t know where their critical data is.
“PII can be scattered across multiple systems, databases, and cloud services, making it hard to get a comprehensive view,” he wrote. “This makes the footprint for where PII could be really big. Without visibility into your PII landscape, it's impossible to properly secure and govern access to this sensitive data.”
The New Tools
New PII management capabilities announced Wednesday by Komprise include selecting which PII data types to scan for – such as credit card numbers, national IDs, and email addresses – finding text patterns in their data through both keyword and regular expression searches to identify data formats like employee IDs, product or project codes, and protected health information.
Organizations and MSSPs also can detect sensitive information stored behind enterprise firewalls to ensure it stays in place, set up workflows to confine or move data to safe locations, pre-process the data before it is used for AI, and have workflows run periodically so Komprise’s tools can find new sensitive data to detect, tag, and mitigate.
The new PII data detection and protection features are now in early access for customers and partners and will be generally available at the end of the first quarter.
Benefits for MSSPs, MSPs
For Komprise’s 300-plus partners – including MSSPs and MSPs – the new capabilities will enhance their service offerings, deliver value-added services, and ensure compliance with the growing number of data management regulations.
“MSPs are deploying and managing technology for enterprises across the IT infrastructure stack, and it all comes back to data,” Hartwell said. “The ability to have a simple, automated way to search across storage for PII and other sensitive data, tag it as such, and then ensure it is managed appropriately is a game-changer.”