Check out all the on-demand sessions from the Intelligent Security Summit here.

The fast-changing nature of today’s data privacy regulatory landscape, as well as variation between current laws, presents a major challenge for enterprises. Software solutions help, but the additional manual processes associated with data privacy compliance can still be expensive and time-consuming for businesses. A report from DataGrail estimates that managing data subject access requests (DSAR) manually can cost upwards of $240,000 per million records.

On Wednesday, cybersecurity company Imperva announced a tool based on its Sonar Platform technology that’s aimed at helping enterprises better navigate privacy compliance. Called Imperva Data Privacy, the release streamlines the process of identifying where personal data is stored in an environment and who is accessing it, minimizing the manual processes required to maintain continuous compliance.

“Discovery, figuring out how and where the data is, has traditionally been done by spreadsheets and interviewing data custodians or data owners,” David Valovcin, senior director of privacy at Imperva, told VentureBeat. “It’s very manual. And it’s inaccurate because it’s relying on human memory. What this does is automate that process.”

Imperva Data Privacy works with any on-prem, cloud, hybrid, or multicloud environment, and existing customers can run the tool on top of the Sonar Platform. It also automatically adjusts for any new or expanded regulations.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Changing landscape

Current mandates include consumers having the right to know what data a company has about them, the right to rectify errors, the right to port personal data, and the right to be forgotten. The California Consumer Privacy Act (CCPA) mandates compliance from any organization that processes data on California residents, affecting most companies. The General Data Protection Regulation (GDPR) offers similar protections in Europe. Overall, more than 107 countries have data privacy and protection laws, with more likely on the way, including in several U.S. states.

“Organizations are scrambling to figure out how to do this because the laws have been passed, they’re changing, and the definition of personally identifiable information is changing as well,” Valovcin said. “Originally, of course, that was social security number, but now it’s expanded to include tracking religion, political affiliation, and even IP address.”

As the mandate for data compliance continues to grow, so does the need for advanced security solutions. In fact, 2020 was “perhaps the most active year in memory” for cyberattacks, according to a report from cybersecurity company CrowdStrike, which also found that malicious actors increasingly turned to data extortion in their attacks against enterprises. Data protection specialist Acronis warned that “2021 will be the year of extortion.” And Imperva researchers have already found that data leakage attacks are up 74% since the beginning of the year.

The fact that exposures are so common has people wary. In a 2020 survey of 10,0000 adults, around two-thirds said they’re more alarmed about their online privacy than ever before. Among the respondents, almost half said their top concern is their personal information being exposed and compromised by cybercriminals in a data breach.

“It’s going to be a growing problem for all organizations watching data,” Valovcin said. “I think we’re seeing a global trend here in acknowledging that consumers have the rights to their data and need to know how the data is being used.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.