I recently sat down with Baron Capital’s CISO and VP of Infrastructure, Henry Mayorga, and our own Shankar Subramaniam to learn more about how Baron uses Concentric for data discovery, security, and privacy compliance. It was an eye-opening discussion that revealed the practical realities Henry – and other CISOs like him – face as they strive to meet user expectations for information-based productivity, expanding data security requirements, and staffing realities. The entire interview’s worth your time. Here’s a short summary of what Henry had to say.
How data management has changed?
Henry Mayorga: Your data is now very fluid in the way it’s managed and secured. You’ve ceded control from a central repository to a distributed repository. And cloud services, like Office 365 and OneDrive, put sharing control in somebody else’s hands. It’s very difficult to pull that control back because you can’t tell your users they can’t share. That’s just not how people work.
Why is it difficult to protect client data?
HM: When a client asks you how their data’s protected, first you have to know where the client’s data is. You also need to identify what that data is. Too often, that process of discovering and understanding your data is taken for granted. It’s actually a very complicated process. It’s even worse if you must control data on legacy systems as well as Azure, Office 365, or OneDrive. The proliferation of data while retrofitting controls for legacy data is precisely the problem.
After implementing data governance with Concentric, what did you find?
HM: We found tons of stale data. We found mislabeled and mislocated data distributed across OneDrive and other locations in and out of the cloud. We also found misnamed data. Sometimes a file had a name that made you think it was unimportant, but in reality, it contained critical data. Once we understood our data, we were able to put it in the right buckets and understand how it relates to other data.
What is Baron’s data control strategy?
HM: Now that we can see where our data is sitting, we’ve made certain changes in the way that we allow document movement. We’re going to do more with Office 365 tools to enforce access rules to have a consistent policy internally and externally. And guess what? We’re not going to manage those policies directly with Office 365. We’re going to do it through Concentric because with Concentric, you can apply the same policy for data that is both in your traditional bucket system, as well as what’s happening on the cloud.
Why is it important to have context for data discovery?
HM: You really need to do more than finding a word in a document. Finding a word in a document is pretty straightforward. But suppose you can understand the context of a set of words within a document. In that case, you can then classify that document on the likelihood that it is, for example, a financial statement. Or that it contains private information such as a driver’s license. When you have that context, you have a much more sophisticated mechanism for classifying your data.
How was the Concentric team?
HM: If I open my garage, I have all the tools to do carpentry in my house. I got them all. I bought them all, everything. However, when I have to do very specific work, I hire a carpenter, right? It’s about craftsmanship. And in this particular case, I may have the tool, but I still need the craftsmanship. And the experience that Concentric brings to the table they’ve gained by solving the same issues for other customers. That’s the benefit that I see from them. Their experience, their craftsmanship, their knowledge of the software, I can’t possibly equal. And certainly, their guidance on how to approach those problems better. Because at the end of the day, it saves time.
If you’re working to improve data access governance at your organizations, Baron’s journey to better data security will resonate. Legacy data, cloud migration, end-user empowerment, and staffing shortages confront data security professionals in every industry and companies of all sizes.
Concentric’s AI-based Semantic Intelligence™ solution automates data discovery and risk assessment. It works with your existing data management tools to deliver efficient and effective data security. Schedule an appointment today, and let us show you how it works.