Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Informatica Unveils Secure@Source Data Intelligence Software

By - Source: Toms IT Pro
Tags :

Informatica Corp. unveiled a data intelligence application capable of analyzing data in files and databases and then automatically classifying the data based on preset data security rules. The goal, the company said, is to ensure that confidential or restricted data, such as that protected by various privacy standards and legal requirements, are appropriately protected, no matter whether it exists in the corporate network or cloud environment.

Informatica's Anil Chakravarthy, executive vice president and chief product officer, told Tom's IT Pro that most companies do not know where all of their protected data resides. By analyzing data for preset or custom profiles, the newly launched Secure@Source software can identify either specific protected data types, such as credit card numbers or Social Security Numbers, or combinations of data that coexist in a database, such as a name combined with a policy or account number, or perhaps an address and zip code, that together create confidential or protected personal information.

Data profiles are analyzed based on information for data in context and from metadata, he said. Once the information is processed, a heat map is generated that identifies where the data resides. Data that is outside the direct control of the company, such as information that resides in a software-as-a-service (SaaS) application or in a cloud-based database, also can be identified if Secure@Source has the appropriate credentials to access and read the third-party databases. It is not necessary to have write-access to databases, Chakravarthy said, so SaaS providers likely will not present an impediment to identifying remote data.

"We take a data-centric approach," he said. Once the software is able to identify the physical location of the software, it can query its own database to ensure that the data has the appropriate security precautions in place. For example, he said, if data is identified as residing in Europe, the application can determine if it has the correct European Union security requirements in place.

For example, data that matches personally identifiable information for someone in Germany is not supposed to sit on servers located outside German borders. Another example would be a spreadsheet or database file that contains information that is considered protected by such federal regulations as HIPAA or Sarbanes-Oxley, or perhaps the industry-specific Payment Card Industry Data Security Standard developed by credit and debit card brands.

Just as security information and event management (SIEM) software analyzes the network layer for anomalies, Secure@Source looks at the data layer to ensure that data matches the various profiles and has the appropriate security precautions in place. Data that is not appropriately secured is flagged.

In addition to finding existing sensitive data, the new offering will also be able to find data that is duplicated, either accidentally or deliberately. Sometimes data is duplicated in order to make it easier for an employee to work on a specific file, even if duplicating the data is in violation of company policy. Because Secure@Source scans the entire network for data that matches a given profile, it can find information in unanticipated locations, Chakravarthy said.

Often, CISOs build their corporate defense environments to protect against unusual security risks but ignore the common or mundane security risks. One such mundane risk could be a file that was copied from a secure network location to a local drive that might have less built-in security because an employee was working on that data. Secure@Source would be able to find unauthorized copies of files or files that are stored inappropriately on insecure servers or cloud sites.

The software is available as a subscription service. Pricing was not finalized by press time.