Today, for enterprises and even SMB companies, IT is a sprawling but interconnected universe of applications, devices, and services all running in tandem to maintain the lifeblood of these organizations—data. Navigating the complexities of this arrangement is not just a challenge for security teams (something which Nightfall customers have attested to, before adopting our platform), it’s a genuine challenge for anyone who must manage and use information. As a result, data governance is an issue that impacts every part of your organization as well as every process that must leverage data, including e-discovery.
With this in mind, companies must begin approaching e-discovery as a data governance problem involving a number of stakeholders. This requires legal, compliance, governance, and security teams working together with tools that are adaptable enough to enable them to do so. This perspective was a huge impetus for Nightfall’s partnership with Hanzo, a world-class e-discovery platform used by a multitude of renowned global enterprises.
Hanzo now leverages Nightfall’s best-of-breed machine learning detectors to enhance business intelligence, allowing you to retrieve data that’s specific to your investigations. Additionally, with Nightfall powering Hanzo, data loss prevention rules can be put into place to prohibit the transmission of sensitive data to third-party data stores.
We wanted to briefly go over some core challenges that are part of the e-discovery process and how these can be addressed through solutions, like ours, that address data governance risk during the investigations process.
E-discovery challenge #1: Limiting the scope of data included in investigations
Before investigations can begin, electronically stored information (ESI) must first be identified, ingested, and processed from target environments deemed relevant to the investigation. Knowing the scope of what data is relevant to a specific investigation can be hard, and ultimately a key part of the investigations process is to reduce the massive volumes of ESI initially identified to a more manageable size. This, however, can be difficult without the correct tools.
Hanzo Spotlight Search is a new feature within the Hanzo platform that combines Hanzo’s native behavioral detection with Nightfall’s machine learning detectors. Together, these features allow you to scan Slack content ingested into Hanzo for specific patterns of behavior, like toxic language. It also allows you to search for specific types of PII like names, addresses, and much more. This ensures that you’re able to quickly identify ESI that is directly related to your investigations, and remove ESI which isn’t from your e-discovery environment. This essentially helps automate the process of processing data, and can help manage the data governance risk introduced by the investigations process.
E-discovery challenge #2: Minimizing compliance risks within third-party systems
The investigations process often involves the transfer of data to third-party services and entities. Data stored in third-party systems still can pose risk from a security and compliance perspective, which makes it all the more important to limit the scope of data that is forwarded to third-parties.
Nightfall’s perspective for mitigating cloud data exposure risk is to apply a single pane of glass across cloud applications. If, for example, you are a healthcare organization using Slack and Google Drive, it doesn’t make sense to allow individually identifiable health information to persist in Google Drive, while keeping it out of Slack. You’d want to have the same level of visibility into both systems in order to apply your compliance policies consistently to each.
Hanzo, understood this, and as part of its dashboard allows users to scan for sensitive content matching a wide variety of criteria, like Social Security Numbers, drivers licenses, names, addresses, passwords, and other sensitive information. Powered by Nightfall’s machine learning detectors, this functionality is highly accurate with users being able to adjust the sensitivity of Nightfall’s detectors with three parameters (Possible, Likely, or Very Likely).
For any content matching these criteria, you can redact or filter out the content before exporting it for legal hold or evaluation, helping ensure consistent data governance and compliance for your organization.
E-discovery challenge #3: Integrating e-discovery into a broader information governance strategy
Another critical consideration that might come up during the investigations process is the question of remediating compliance or data governance issues you discover within your cloud systems. In line with the previous example, you might find that not only do you not want to forward sensitive PII to third-party systems, but you might wish to remove it from the system the data originated from. Users leveraging both Hanzo and Nightfall’s various SaaS integrations can actually use Hanzo Spotlight Search to identify sensitive findings within the historical SaaS application storing the data to highlight training and policy enforcement opportunities, ensuring consistent compliance across your entire data lifecycle.
The e-discovery challenges introduced by the IT and software systems of today don’t have to be difficult to address. Watch a joint on-demand webinar, hosted by Nightfall and Hanzo experts, to learn more about how this solution can help address common data governance challenges within the e-discovery process. View the webinar for free here.