Sanas, the accent translation giant encountered considerable difficulties protecting its sensitive data. The business looked to OptIQ Data Security Platform for a solution. OptIQ provided full data visibility and classification, a smooth implementation experience, and removed the requirement for manual data discovery. OptIQ helped in managing data movements across a cross-functional team, providing actionable insights on who was accessing what data and how. This increased overall data visibility by 93% and helped in meeting regulatory requirements, while securing large volumes of sensitive data.
Sanas, a leading tech company, faced some pretty hefty challenges when it came to managing and securing their sensitive data. They handle a ton of audio files every day, converting them into text using Automatic Speech Recognition (ASR). Naturally, this process generates a lot of data, some of which is quite sensitive.
"We needed to have a complete understanding of our data inventory, its location, and its security status. It’s absolutely crucial for our operations," explains the Chief Information Security Officer.
But here's the catch: the security team was struggling to keep track of these sensitive transcripts within their massive data ecosystem. They couldn't see where the sensitive data was stored or pinpoint the exact types of sensitive information in the transcripts. This lack of visibility made it really tough to implement the right security measures and data classification policies.
"Our old method required us to manually locate data storage, which meant a lot of sensitive information could slip through the cracks," the CISO admits.
Sanas' operations only made things more complicated. Different subteams within Engineering and Machine Learning units were spread across various countries, making data access and movement hard to manage.
The security team was also worried about potential misuse of data. For example, what if the machine learning teams accidentally used sensitive customer data to train models without proper permissions? Or what if engineering teams copied sensitive data to pre-production environments for testing, or employees downloaded sensitive information to their personal devices? Their current Endpoint Detection and Response (EDR) solution just wasn't cutting it in terms of providing the necessary visibility into these risks.
On top of all this, compliance management was a major headache for Sanas. Gathering compliance-related evidence was a time-consuming process for the engineering, machine learning, and DevOps teams. They lacked real-time visibility into compliance status and data protection metrics, making it challenging to ensure they were meeting regulatory requirements and internal data protection policies. This not only increased the risk of non-compliance but also made it tough for Sanas to show their commitment to data protection to customers and regulatory bodies.
All these challenges pointed to the urgent need for a comprehensive data security solution. They needed something that could offer better visibility, automate sensitive data discovery and classification, monitor data movements across teams, and streamline compliance management. That’s where OptIQ came in.
Data Discovery & Classification
To tackle Sanas' data security challenges, OptIQ provided a robust solution for Data Discovery & Classification. Sanas had a mix of structured and unstructured data spread across various platforms like databases, data warehouses, and data lakes. OptIQ's AI-powered platform was designed to handle this complex data landscape.
OptIQ quickly addressed the visibility issues by identifying and classifying sensitive data within these transcripts accurately and swiftly. This gave Sanas a comprehensive view of their data landscape, inventory, and the different categories of sensitive data. The classification engine from OptIQ offered complete visibility across Sanas' hybrid and multi-cloud infrastructures, managing data across various teams and locations. It scanned the sensitive data and categorized it into different types like PII, PCI, PHI, Financial, and other business sensitive data. This granular classification enabled Sanas to implement the right security measures and access controls for different data types.
Data Access Governance
OptIQ improved Sanas' data security framework with a comprehensive Data Access Governance solution. This system ensured that the ML team could access and use sensitive data efficiently while maintaining strict security protocols. It aligned data access with specific business needs and job functions, following the principle of least privilege. Team members could only access the data necessary for their roles, preventing unauthorized use in model training or copying to pre-production environments. This enhancement significantly improved data protection.
The platform introduced dynamic governance features, allowing real-time adjustments based on changing project needs or team member status. It provided comprehensive audit trails and monitoring capabilities, enabling Sanas to track and review all data access activities. This resolved their compliance management struggles by offering real-time visibility into compliance status and data protection metrics. This solution significantly reduced compliance risks and demonstrated Sanas' commitment to data protection to customers and regulatory bodies.
Compliance Management Solution
Sanas partnered with OptIQ to manage compliance with standards such as HITRUST, NIST, HIPAA, GDPR, CCPA, and PCI-DSS. OptIQ's compliance management toolkit proved particularly effective, connecting various functions and providing full visibility at each step for the security team and all stakeholders across the organization.
During the first few weeks, systems were configured to meet baseline compliance criteria. OptIQ's automated policy management helped pinpoint the configurations that needed correction for compliance. The solution also provided automated compliance evidence, saving the team significant effort. OptIQ's real-time visibility into compliance status and data protection metrics enabled the security team to coordinate effectively with other stakeholders. This efficient approach saved Sanas over 1.5 months of effort, resulting in certification from all major regulations in a record 60 days.
The collaboration between Sanas and OptIQ resulted in a robust data security framework. OptIQ's platform efficiently identified and classified sensitive data, addressing Sanas' challenges in managing and securing vast amounts of data. It provided a clear view of their sensitive data and categorized it according to industry requirements. Governing access to data brought essential security checks, with continuous monitoring of data downloads, access permissions, and an overall access snapshot.
By implementing OptIQ, they saved over 1.5 months of effort of their teams in achieving compliance certifications. With OptIQ's automated policy management and compliance toolkit, they achieved compliance with HIPAA, GDPR, CCPA, and PCI-DSS in a record 60 days, addressing their compliance management challenges and enhancing their ability to demonstrate data protection commitment to customers and regulatory bodies.