Course content

Create Account

Log in / Create account to save progress and earn badges

FAQ

Mark Complete Enroll now to save progress and earn badges. Click to continue.

FAQ: Securiti Sensitive Data Intelligence 

Q. What authentication/authorization schemes does the solution support to connect to IaaS clouds?

Customers can connect to their respective IaaS clouds via IAM roles with the required permissions.

Q. Can you discover assets across multiple regions in cloud accounts?

Securiti can discover and catalog cloud-native and shadow data assets across AWS, Azure, and GCP. Data assets range from cloud storage buckets, data warehouses, data lakes, and databases deployed across your cloud environments.

Q. Can you import assets from an external CMDB? 

We allow admins to synchronize assets from external CMDBs via our asset connectors. We provide the ability to perform field mapping and customize the mapping of columns in your CMDBs across different sections and attributes. One can schedule automated periodic scans of CMDBs to ensure your data asset catalog is kept up to date.

Q. Do you support on-demand and scheduled discovery of assets?

Admins have the ability to initiate asset discovery scans on-demand or on a periodic basis.

Q. Do you support built-in detectors for personal and sensitive data elements?

Securiti’s Sensitive Data Intelligence comes with hundreds of personal and sensitive data that can be used to discover sensitive data in structured and unstructured data assets. These include name, phone number, email ID, social security number, credit card number, and more.

Q. Is sensitive data discovery supported in IaaS, SaaS, and on-premise data stores? 

Securiti supports 200+ predefined connectors to a variety of data repositories. Custom connectors can also be enabled using standards-based webhooks interfaces or using our workflow module.

Q. Do you allow defining custom data element detections?

Securiti allows the creation of custom data elements. Custom data elements can be created with granular scopes such as target data source types, jurisdiction, and regulation. We allow data element definition via regex, dictionaries, keywords, and anchors to optimize for high detection rates.

Q. Do you support matching on exact data?

Securiti supports exact data matching to fingerprint and match billions of cells of your unique sensitive data. One can create an Exact Data template and corresponding Exact Data Profiles which can be applied via Discovery Scans. 

Q. Where will you store the exact data fingerprints? 

Exact Data fingerprints will be stored in your on-premises or cloud environment to maximize data protection and help you maintain compliance with industry mandates.

Q. Do you allow manual override of the classification of a table column?

The system allows manual override of the classification of a table column and customers can choose data elements to override the decision. 

Q. Is sensitive data discovery supported in the unstructured text (CLOB) of database tables?

All major databases support character string data types to store unstructured data. SDI can help discover sensitive data in Character Large Objects (CLOB) of database fields and provide visibility about what Data Element Types were found in such columns.

Q. Do you allow sampling of files in a data store for scanning?

We have configuration knobs that facilitate data sampling on portions of files in order to determine the size, scale, location of data clusters and help customers to prioritize key datastores. 

Q. Can you scan big data formats like Avro, Parquet?

Securiti’s SDI solution leverages AI/ML techniques that classify sensitive data in Avro, Parquet, and other structured files. We leverage proprietary NER and NLP algorithms specialized for such data that fuse the various signals contained within them to provide accurate classifications and can even detect challenging types such as multi-part names & locations.

Q. Do you allow one to view detections from past scan jobs?

Our discovery scan jobs dashboard provides a complete view of past scan jobs that have completed and they can be correlated with data element detections in the respective dashboards.

Q. What is the retention period for scan results?

Securiti’s SDI solutions discovery scan results are retained in our data stores until customers decide to deactivate and purge the corresponding data store or when customers request deletion of their tenants.

Q. How do you scale to scan petabyte-scale data volumes? 

Securiti’s SDI provides a number of techniques to improve and optimize scan performance. A few examples include

  • First, built-in elasticity allows data scans to be run as containers that spin up new nodes based on the volume of data and expected time to find sensitive data. An orchestration engine can manage the number of compute nodes required and winds down extra nodes when not in use providing the most optimal speed and cost.
  • Second, it includes policy-based scanning to manage the scope of their target data based on file formats, file size, data attributes, and other types of metadata (such as last modified). Narrowing the scope can help yield faster results. 
  • Lastly, certain types of big data such as logs can be very homogenous (repeatable). Organizations can use sampling techniques to scan a portion of the first few bytes of a file. Similarly, in the case of structured data stores scan the first few rows of data. 

Q. Does your solution offer a SaaS-based and on-premises deployment model?

Securiti’s SDI is available in various deployment options. Organizations with large data centers or public cloud presence can choose to own and run it in their private clouds. In this approach, organizations scan data closest to their data sources with better security and at a lower total cost of ownership (TCO). For example: In an IaaS environment, if the data is scanned within the same Virtual Private Cloud (VPC) there is no risk of data leakage & no additional data export costs. For lean organizations with little or no infrastructure, Securiti SDI is available in the cloud. With a cloud-based deployment, organizations can start quicker. Organizations receive their expected service level agreement (SLA) with elastic capacity available out-of-the-box.

Q. Where is your SaaS service hosted?

Securiti is hosted in AWS and customer tenants can be hosted in our US, Canada, EU, Indonesia, Australia and UAE cloud infrastructure.

Q. How do you tune out false positives in what is detected? 

We apply several approaches to filtering out false-positive detections, and they vary for different types of data. First, we aim to determine data layout. Data can be in either structured tabular format, a semi-structured format such as JSON, and unstructured formats such as forms and natural text. These layouts are fundamentally different, and specialized parsing and algorithmic pipelines are applied to each. These algorithms allow us to better correlate the detections that are discovered to each other and to anchor terms, providing the important ability to set meaningful confidence levels to the detections. The final part of our pipeline, ML-based Contextual Analysis, examines the collection of detections to resolve ambiguous detections and to filter out likely false positives.

Q. How long will it take me to scan my environment?

Typically customers tend to perform content classification across all the datastores that they manage. The scan time for each datastore depends on the type of data that it contains (structured data or unstructured data), the type of detectors that have been configured, and the amount of data that needs to be scanned.

Q. Will scanning impact my production environment? 

Our systems are optimized for scanning hyper-scale production data environments and work within the rate limits of the respective datastores. For data stores that contain structured data, we offer linear and random data sampling techniques. For datastores containing unstructured data, we offer (a) sampling techniques targeting specific portions of files and (b) incremental scans which only scan the delta of any newly created or modified files and objects. 

Q. Can I schedule scans outside of business hours?

Data discovery jobs can be run manually or on a periodic basis. Admins can specify start times of these discovery scans on any periodic schedule frequency such as daily, weekly or monthly, during and outside business hours.

Q. Does the scanning of my file shares reset the “last accessed” date on all of my files?

Our scan engine does not reset the “Last accessed” data on files since we do not update any data in the files.

Q. Can I scan encrypted files and databases?

For datastores such asS3, if Server Side encryption has been used, we will scan the encrypted files transparently. If you have used KMS, then we would require permissions to the KMS in order to scan encrypted files.

Q. Can it read the classification tags that were applied via <Titus>,<Boldon James>,<Microsoft>, etc?

Securiti’s SDI solution integrates with Microsoft’s Information protection to read and retrieve labels and apply them to documents based on our Data Element detection and content classification capabilities. We also provide additional metadata labels that can be applied for privacy use-cases.

Q. Can your scanning and detection handle multibyte characters in databases?

All major databases support multibyte character string data types to store unstructured data. It is even possible that such database columns contain a variety of different Data Element types. We provide the ability to scan unstructured columns in databases for all possible Data Element types. Once the detections are complete, we provide visibility about the Data Element types that were found in such columns. 

Q. Do you pull the “file owner”, “last modified by” and” file created” by user information?

We capture user information such as including “file owner”, “last modified by” and” file created” along with the file metadata such as file name, size, file extension.

Q. Can I automatically perform data masking to redact the offending data inside of files or in table columns after sensitive data is detected?

The Securiti SDI tool orchestrates actions such as Dynamic Data Masking for data warehouses like Snowflake by automatically applying the masking functions supported by the datastore on sensitive data columns detected by the tool. 

Q. Can I use it to scan desktops and laptops?

Securiti’s SDI solution is targeted to provide data scanning solutions for IaaS, SaaS and on-premise data stores.

XML Sitemap

Gartner Customers Choice Gartner Cool Vendor Award Forrester Badge IDC Worldwide Leader Gigaom Badge RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend IAPP Innovation award 2020