Say It, Do It, Prove It: What’s New In Compliance Guardian

Post Date: 02/27/2014
Greetings from the RSA Conference 2014! I’m here with thousands of security professionals sharing best practices and learning about all things surrounding data security and privacy. With privacy breaches and security threats making the nightly news around the world, there’s never been a better time to discuss these pressing topics.

It’s becoming increasingly obvious to most enterprise organizations that personal information and the sensitive data that their companies hold are extremely valuable. Whether personally identifiable information (PII), protected health information (PHI), financial data, contract information, research and trade secrets, intellectual property, or contract data – and the list goes on and on – this kind of information has become a new kind of “currency”, and some have even called personal information the new “oil”. Companies like Google and Facebook have become multi-billion dollar organizations by offering “free” services that attract users to share personal information, which the companies then use to learn about those users and enable sponsors to carry out targeted advertising.

However, whether by accident or breach, inappropriate disclosure of sensitive data can have dramatic financial impacts on an organization and can erode consumer trust. Companies may not only be subject to regulatory fines and censure, as well as potential civil and criminal liability, but may also end up with government auditors reviewing their practices for decades into the future. A 2013 study by Forrester Research found that the highest percentage of data breaches (approximately 38%) is caused by employees simply making mistakes. The good news here is that this should be highly preventable.

With the release of AvePoint Compliance Guardian Service Pack (SP) 2, AvePoint has expanded its enterprise governance, risk, and compliance platform, allowing organizations to document their policies, implement and measure them, and demonstrate conformance. Compliance Guardian mitigates privacy, security, and compliance risks across your information gateways with a comprehensive risk management process that allows you to say what you do, do what you say, and prove it!

Say it. Do it. Prove it!

Say It: Establish information governance and security policies to ensure sensitive or regulated content is classified, secured, and stored appropriately. Scan enterprise content against a range of out-of-the-box or customizable checks for privacy, security, or accessibility regulations or guidelines.

Do It: Enforce compliance with information governance policies with automated actions to delete, move, redact, secure, or encrypt risk-defined content.

Prove It: Prove policy compliance with ongoing monitoring and incident tracking. Produce detailed reports of both preventative and corrective actions taken to ensure content is uploaded, stored, classified, and secured in accordance with your information governance policies. Combine human review with automated processes to ensure risk report accuracy. You’ll be able to confidently report on risk levels at any point in time, as well as demonstrate to chief security personnel progress in reducing overall organizational risk.

Historical or more “traditional” security models were focused on “perimeter-based security”, where Security Officers focused their efforts on building walls to keep information “in” and keep adversaries “out”. That approach in and of itself is more and more difficult to maintain in a business landscape with transparent boundaries. First, if you build a “ten foot wall” then your attackers will come with an “eleven foot ladder” – forcing you to build a “twelve foot wall” and so on. Second, how do you build a wall around information when that information is no longer maintained in a central system – or “the castle” – but rather flows through different systems, accessed by people with different roles and across different devices?

Compliance Guardian provides the ability for companies to focus on “what” data they actually need to protect. What defines your “crown jewels”? Do you need to put the same level of effort behind protecting pictures from the company picnic as you do behind protecting your customer data or trade secrets? Compliance Guardian enables data-aware security policies that provide an opportunity for organizations to build a more layered approach to security, prioritizing where efforts (and costs) should be spent, and building multiple lines of defense.

Further, Compliance Guardian makes it easier for your employees to do their jobs successfully while building a more secure environment. This includes implementing a culture and technology systems where privacy and security controls are not limited to once-a-year training sessions, but are part of an ever-present culture of compliance where it is easier for your employees to do the right thing than to do the wrong thing. Companies must create a transparent security organization to discourage employees from working around security.

Key new capabilities in our SP 2 release include support for cloud platforms such as Office 365 and social platforms such as SharePoint Social and Yammer, expanding our concept of Compliance Guardian as “one system that works where you work.” New cloud and social services will be added throughout our 2014 iterative updates.

Compliance Guardian introduces a greatly enhanced reporting and tracking system with its top-level Incident Management System to track and deal with privacy and security breach management concerns. It includes Human Auditor, Quarantine Manager, Encryption Manager, and Redaction Manager for content status management and report recalculation. Compliance Guardian keeps a record of every file it touches and the status of the checkpoints being used to manage the file sources. The Incident Management System can be used to query for all files that have human review, for a specific checkpoint by data source and test suite, or by other saved document properties that are available.

Beyond our updated Action Report, Compliance Guardian also introduces new reporting and monitoring, with enhanced graphical reports for our Risk Calculators and Information Painting for HTML content for a more visual representation of compliance issues.

Put simply, Compliance Guardian is a world-class enterprise governance, compliance and risk management system ready to take on the challenges your organization is facing around security, privacy, and so much more. To learn more, please visit our website today!

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
