Are You Striking Out With Your DSAR Duties?

“In baseball, my theory is to strive for consistency, not to worry about the numbers. If you dwell on statistics, you get shortsighted; if you aim for consistency, the numbers will be there in the end.”

-Tom Seaver

Over the last few weeks, I have had a number of conversations with different customers that were struggling to keep up with the support/consulting/internal resources required to use their first generation and often inaccurate and out-of-date Personal Data Mapping (AKA’ Discovery’) tools. I posed the same question to each of the prospects that were looking to switch vendors. “You are very technical, and obviously know your business well – why would you use a solution that was obviously not built for consistent enterprise-grade network discovery?”

The ‘behind-the-answers’
answers were essentially the same:

Everyone else is using it – and no one ever got fired for using <Insert trusted vendor here>.

The problem is that Personal Data Discovery without real security principles (such as Zero Trust) leaves a gap that exposes the enterprise – and stakeholders have recently started to realize that.

Yes, you’ve ticked the checkbox. But is it the right checkbox?

These are the
questions victims of ‘Mapping sold as Discovery’ solutions are asking
us now.

Can your solution tell me consistently and sustainably where personal data is that it shouldn’t be – check.

of the problems we have had is if we tell the system where the personal data is
for ‘discovery,’ how can I trust it to tell me where any personal data is, and
it shouldn’t be – check.

Can your system, consistently and sustainably, create accurate data lineage across all
copies and partial copies of the personal data so I can have a high level of
Extra points if it can be done in
an automated way to reduce risk – check.

Can your system consistently and sustainably give me a 100% confidence level that if we get an SRR request, it is a real request around data transacted or used by our enterprise? We are having a massive amount of requests; we can’t keep up with the bogus ones – check.

Can your system, on an ongoing basis, tell me if all personal data is protected as
the fines for breach, in this case, are much higher – check.

Can your discovery
scale to our size environment as it is not scalable to continuously copy data
from our Databases to a mapping solution? We have a huge network – check.

Can your solution consistently
and sustainably ensure the data quality we need to be able to discover all uses
of personal data and related data, so we have a high level of quality – check.

Do these questions sound familiar? Are you struggling with some of these issues?

Schedule a call today and Discover how can help!

*** This is a Security Bloggers Network syndicated blog from authored by Zak Rubinstein. Read the original post at: