Veritas introduces new technology to identify personally identifiable information

Veritas’ new Integrated Classification Engine, designed to address broad regulatory legislation like the GDPR, will be available quickly on two governance solutions, and over time will be extended to all of its products.

Today Veritas Technologies is announcing the Integrated Classification Engine, a new technology that reworks how data management handles personally identifiable information. Developed within Veritas’ information governance portfolio, it will first be applied there. It is available now in Data Insight 6.0, and will be available in Enterprise Vault 12.2 in August. Ultimately, the plan is to build the engine into Veritas’ data protection and storage solutions as well as governance.

“We are incredibly excited about this announcement and the breakthrough technology which will be available across our entire portfolio, starting with these two products,” said Zach Bosin, Director of Solutions Marketing for Information Governance at Veritas.

The new technology is aimed at a relatively old problem – the rapid growth of unstructured data, including emails, documents and image files, which exposes organizations to potentially harmful leaks of personally identifiable information.

“Last year, we identified this as growing at 39 per cent in our Veritas Data Genomics Index, and this year, it has jumped to 49 per cent,” Bosin said.

The Integrated Classification Engine lets organizations quickly scan and tag data to ensure sensitive or risky information is properly managed and protected. As a concept, it is hardly new. Many companies in the information governance field have been doing it for years. Bosin said that the way Veritas does it here is significantly different, however.

“What’s critical to understand is that what has been out there has been focused around pretty narrow use cases like HIPAA,” he stated. “New regulations like the General Data Protection Regulation [GDPR] are much more expansive in scope. While the solutions in the past have been focused on single use cases that addressed their regulation, the Information Classification Engine is much broader in terms of the patterns that it is looking for.”

The Engine includes more than 100 pre-configured patterns for recognition of credit card and social security numbers, medical records and other PII. It also comes pre-loaded with more than 60 different policies for GDPR, HIPAA, Sarbanes-Oxley and other regulations around the globe.

“It can scan for all these sensitive data patterns right out of the box,” Bosin said.

On the other hand, the Engine is more selective in WHAT it scans.

“Previous technologies have tried to classify everything, and we think that’s misguided,” Bosin said. “It’s a very resource intensive process. Approximately 33 per cent of data under management is ROT [redundant, obsolete or trivial]. By having a better sense of what data should be classified, you will have a more efficient timeline. We can point at a PB of data and bring back results in a number of days. Less data can be knocked out in less than 24 hours.”

Bosin emphasized this is very fast by the standards of the industry.

“We leverage cloud services to power the processing, and have already seen some dramatic improvement,” he said. “It’s already super fast.”

Bosin also stressed the Engine’s user-friendly nature.

“It’s as easy as clicking a button, as far as ease of use and simplicity goes,” he said. “We also provide a universal pane of glass experience to customers.”

The Integrated Classification Engine is available now in Veritas Data Insight 6.0. It will be available in Veritas Enterprise Vault 12.2 in August.

“These two are the most critical tools to gain visibility, so we prioritized them first, especially with GDPR coming,” Bosin said. “Beyond that, our intent is to cover our entire portfolio.”

Bosin also noted that Chapter Two of the Veritas 2017 GDPR Report, also being released today, indicates that most vendors who think they are ready for GDPR, which goes into effect in May 2018, actually aren’t.

“For Chapter Two, we did a deeper analysis among organizations who believe they are already compliant,” he said. “Of the 31 per cent who said they were ready for GDPR, only two per cent actually checked the box on being compliant. They have significant challenges ahead of them.”

The GDPR requires notification of a data breach within 72 hours.

“61 per cent of these organizations who thought they were already compliant said that would be very difficult,” Bosin said.

58 per cent of these organizations said that they still have former employees with access to company data.

“That’s substantial risk exposure,” Bosin noted.

Bosin also indicated half of organizations are misinformed about their responsibility for regulatory compliance on data in the cloud.

“49 per cent of respondents believe Cloud Service Providers are responsible for compliance – but the opposite is true,” he said. “The primary liability is on the data controller. There’s a huge opportunity to educate the marketplace here.”

Finally, almost half – 48 per cent – of organizations who believe they are compliant with GDPR do not have sufficient visibility of their data to understand where data privacy losses occur.

“This makes it impossible for them to report a breach in 72 hours,” Bosin stated.