Psychics, Magicians, and Insurance Policies
If you’re like me, I am sure you often ponder the similarities between psychics, magicians, and insurance policies. Whilst often discussed at cocktail parties, not everyone is quick to see how all three are intrinsically based on the same common principle: guesswork.
Magicians and psychics are understood to be experts at guessing what their audience (née customers?) are expecting to see or hear. What is not always obvious is that insurance policies are based upon guesswork too. When a person insures a house, they are asked to provide an inventory of everything of value contained within the dwelling. For a new homeowner, this is a fairly reasonable request given the scope of items owned. Later in life, it may well become harder to be precise in accurately determining every individual item worthwhile listing. Now imagine what it would be like for a large office building and knowing each item that is in need of being covered against a catastrophic loss. Add in the constant change as employees add and remove assets that should be covered and you can quickly see that it would be impossible to stay current with any degree of accuracy.
So, at best, insurance policies rely on guesswork.
Now think about all of the data that companies and organizations keep on their customers and members. While often this data is required in order to complete transactions, in many cases the data is being collected in order to perform analytics on individual behavior to help guide sales and/or marketing efforts. It is reasonable to expect that these entities will safeguard all of this personally identifiable information, but how can they do so?
In the absence of a crystal ball and a psychic’s ability to peer into the unknown, organizations have been forced to rely on guesswork. The most common practice in use today involves sending a questionnaire to various departments and asking what sensitive data is being stored by them. How does the team responsible for the e-mail, file storage, database, or CRM solution actually know the extent of sensitive data being stored? You’re right, they are forced to guess. Even presupposing that these initial guesses are highly accurate, they are simply capturing a static point in time and will immediately be out of sync with reality.
Further, if sensitive data is being stored in areas that it shouldn’t be, this questionnaire approach to identifying what sensitive data is being stored won’t do anything to ensure it’s being properly safeguarded.
We at LightBeam believe there is a critical need for entities to not only check a box saying they care about data security but, in light of all of the breaches that are now commonplace, the time is now to implement a solution that will identify what sensitive data an organization is storing, where it is being stored, and critically, who this data is associated with.
On a personal note, having experienced the frustrations of having my personal data stolen from multiple entities — large enough to have had proper security in place — I know how difficult it can be for organizations to properly secure their data. This has become an even more difficult task in light of how easy it is to quickly share or store data — perhaps in places it shouldn’t be. The need to better protect sensitive data has existed for a long time but, until recently, the onus was still overly reliant on human intervention — and that frequently just isn’t good enough.
With our focus on Data Privacy Automation (DPA), LightBeam is pioneering a unique identity-centric and automation-first approach to privacy, compliance and security. Unlike siloed solutions, LightBeam’s Data Privacy Automation ties together sensitive data discovery, cataloging, access, and data loss prevention (DLP), and makes the right identity-centric data available to the right people and teams. It becomes the privacy control tower providing a 360-degree view of PII/PHI/PCI sensitive data sprawl. LightBeam enables privacy officers to set policies to automate their enforcement, while information security executives can finally rest assured that sensitive data is being used and accessed securely.
For more information, visit www.lightbeam.ai.
Author: Peter Brass