Preparing for GDPR (or any other Data Assessment!)
InfoGPS Networks announces a fast and effective deliverable for companies that are performing preparatory steps to comply with the pending GDPR regulations. In most cases, compliance is a murky term until a more pronounced understanding of your network assets has been made clear. With our lightweight, least privilege, secure approach to information discovery and classification, organizations can become more comfortable with their current status of information governance and create a efficient mitigation plan for gaps.
To assist in this massive effort, InfoGPS is offering a GDPR Benchmarking Service (which can be used for any regulation). This service will be supported by InfoGPS engineers and staff. The heavy lift will be performed by us! A 30-60 day project, for up to 100 endpoints (servers, desktops, laptops, USBs) will be performed for $10,000. This is the most affordable project on the market place, but more importantly, is performed by information governance experts with over 25 years of risk AND executive experience. We are unique as a software company in that we were borne by decision-maker needs rather than reaction to a new law.
What do you get:
- A fully configurable set of search terms that will discover NPI, PII, ePHI, IP, or any other sensitive enterprise content in a matter of a single day. No hardware is required, we will use your VM, your AWS, or our SOC2 data center.
- A full ranking of risk by classification for each record located (full detail), or roll up by File, Hash, Device, Location, Business Unit, and entire Organization. This provides the ability to take very quick snapshots of audit-able entities for ‘devide and conquer’ projects. It also provides a method deliver quick improvements by organizing risk as your ERM and ISRA documents are structured: by Host.
- A data concentration calculation. All data is important, most of it is not regulated. However, stale and duplicate data increases IT Operation and back-up costs.
- Financial Risk. Configurable to industry benchmarks, or unique risk values assigned by your for your enterprise, a economic factor is presented for all audit-able entities.
- Retention of Least Privilege. Traditional data classification tools may or may not copy data (we DONT), and almost all provide “clear text” options to view offending content. This dramatically increases the dispersion of sensitive content and opens access to users who should not have access to such content. Again, we DONT. In fact, we are not aware of any other entity that will quickly identify, classify, risk score, financially value, and provide very clear markers to exactly what you have and where it is right now – that retains this privacy.
- No residual footprint. No local index.
- More importantly, general match searches can provide false positives. Our patented-pending “registered data” approach allows you to specifically identify your NPI while maintaining complete privacy and control over your information
Data isn’t the only risk attribute. Changes to the environment your data is stored on is critical. In addition to the above, your reporting will include:
- Files Added to Desktop [Yesterday]
- Files Added to My Documents [Last 30 days]
- Files Added to My Documents [Yesterday]
- File Activity: summary of file life cycle activity by count
- File Type: Files by type, % of total files.
- Duplicate Files
- Files by Classification (# and %)
- Devices by Classification (# and %)
- All New Classification Records created by Category: Confidential, Strategic, Public, Internal [Last 1 Day]
- Devices by Operating System
- Devices Made Inactive [Last 30 days]
- All Files with Sensitivity Score >3 created and deleted on same day [Last 30 days]
- Files with most # of records [top 100]
- Devices Not Reporting > 5 days
- New NIC Discovered [Last 30 days]
- New Processor [Last 30 days]
- New OS [Last 30 days]
- New Installed Software [Last 30 days]
- File List with Pattern Frequency
- Data by Software Inventory
- Full File Inventory per endpoint (including system files)
- Operating System summary and versioning
- Processor information (Meltdown, Spectre risks?)
- Local Security Policy and Domain Policy details
- Users, local and domain
- NIC inventory
- Active and listening ports
- Services running
- Processes in use
- Cloud service indicators
- Full custom report requests during project without limitation.
Reach out to firstname.lastname@example.org for more information. We can get started right away.