As the world becomes even more digital, data privacy is will continue to remain a huge concern amongst businesses in Corporate America.  Whether it is data leakage issues or coming into compliance with the provisions of the GDPR, CCPA, HIPAA, etc.  this is a subject area which will be at the top of the list of any IT Security team.

True, there are tools that can help you manage your datasets, but there are so many of them and it is confusing figuring out which one to use.

That is why Microsoft has come out with a new tool to give you a central point from which to manage all of your data privacy concerns, and is covered in more detail in this article.

The Functionalities Of Priva

Essentially, Priva contains of two main components which are as follows:

  • Priva Privacy Risk Management:

This tool provides a greater insight into the datasets and other pieces of confidential information that your company owns.  It also provides various templates that you can use to help reduce the risk of data leakages, whether they are intentional or not.

  • Priva Subject Rights Requests:

This tool gives you administrative power to govern any requests made by your employees to gain access to and manage any kind or type of dataset.  It also fully implements the concept of Least Privilege, in which employees are given just enough access that they need, nothing more and nothing less.

You can buy one or both of these tools, depending upon the security needs of your company.

The Strategic Benefits Of Priva

These are as follows:

  • A greater understanding of your data:

In any sized organization, no matter how large or small they might be, datasets exist everywhere in the business, ranging from the IT and Network infrastructures all the way down to your employee’s wireless devices.  But the problem is these days that the CISO and their IT Security team simply do not know where all of this data resides, thus making it more of a security risk.  But with Priva, as mentioned earlier, you can get a holistic view of where all of these datasets reside through one central dashboard.  From here, you will gain a much better understanding of how your datasets are being handled and processed on a day-to-day basis.  You can either choose to get snapshot views as you need them, or you can also configure Priva to give this bird’s eye view on a real time basis.  This will become absolutely crucial when you need to conduct risk assessments and determine the appropriate controls.  An example of this dashboard is illustrated below:

  • Manage privacy at a macro level:

Apart from managing data sets at the micro level, you can also manage them at the environment level as well.  At the present time, there are three core functionalities that allow you to do this, and they are as follows:

*Over exposed datasets:  This will let you see those types of data that have been exposed too much to the external environment, and your IT Security team has not been alerted to this fact.  Of course, this can provide a huge security risk as well.  From here, you can reclassify these kinds of datasets so they can be transferred to a more secure area of your databases.  Also, you can conduct a comprehensive audit of the rights and privileges that have been previously assigned and reorganize them so that they follow the concept of Least Privilege.

*Manage data transfers:  One of the biggest threats today is that the Cyberattacker is staying in your IT and Network infrastructure for an extended period of time going unnoticed.  The primary fear is that they will be able to exfiltrate data bit by bit without your knowledge until it is too late.  But with Priva, all of this is eliminated.  Through the previously mentioned dashboard, you can see the data transfers that are taking place, and immediately halt those that are deemed to be suspicious in nature.

*Minimizing datasets:  One of the cardinal rules today in Cybersecurity is to discard those datasets that you don’t need anymore, or those that are deemed to be outdated.  With Priva, you can identify these quickly, and delete them in a way that is in accordance with the various data privacy laws.  Also keep in mind that outdated datasets also pose a security risk, as it can keep the attack surface expanded for no reason.

To learn more about these functionalities, click here.

  • Integration with the Compliance Manager:

This is a tool which is now available in Microsoft Purview and will be covered in more detail in a future article.  But for purposes of this article, Priva can easily integrate seamlessly with the Compliance Manager.  From here, you can gain access to various prebuilt templates that will allow you to make sure that your business is not only in compliance with the data privacy laws, but also that the right controls are also put into place.

To learn more about the Compliance Manager, click here.

It can also be seen in the illustration below:

 

Conclusions

Overall, this article has provided an introductory dive into what Priva is all about.  If you need help deciding which licensing scheme you need and/or how to install and configure it, please contact us today.

Sources