Spirion Review Including Alternatives

Spirion Sensitive Data Manager is the main product of the Spirion Data Privacy Management Framework – a SaaS platform that supports companies that need to prove compliance with data privacy standards. The Sensitive Data Manager provides functions to monitor access to sensitive data and control the movements of that information.

Sensitive data has many forms, but companies are obliged to protect personally identifiable information (PII). This describes data that relates to private individuals. It is not illegal to hold this information, and there is no problem if it is released anonymized. The big problem occurs if the data released is sufficient to enable con artists to impersonate each individual – this would be classed as identity theft in bulk.

The system also identifies personal health information (PHI), credit card data, and intellectual property (IP). Of course, not everyone needs to protect all these types of data. For example, if you don’t work in the healthcare sector, you won’t need processes to protect PHI. However, the Spirion system is adaptable, so the data it seeks and saves are specific to the standards you need to follow.

Data privacy standards

The challenge of sensitive data protection arises from a complicated mixture of industry expectations and government legislation. A form of shunning enforces the requirement to protect certain types of data. If you don’t get accreditation to a related standard in certain business circles, you won’t be allowed to bid for work. This growing trend is due to the risk that the leak of sensitive data creates.

Risk management is essential to get insurance cover. For example, a business that handles sensitive data can only share that data with other companies if those associates are prepared to maintain equally high data protection standards.

This phenomenon began in the United States with industry data protection standards, notably the Payment Card Industry Data Security Standard (PCI DSS) and the Health Assurance Portability and Accountability Act (HIPAA). HIPAA is an early example of data protection enforced by legislation. It deals with Protected Health Information and constrains the health insurance and health care provider sectors.

PCI DSS, relating to credit and debit card data, flows from the big payment card providers to an obligation on any business that wants to collect payments by card.

The requirements of these standards extend to the cloud platforms that host data and applications that process it and managed service providers that look after those systems.

Now new requirements, enforced by legislation, cover general data related to private individuals – known as PII. These include:

  • General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) in the EU
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California, USA
  • Consumer Data Protection Act (CDPA) in Virginia
  • Lei Geral de Proteção de Dados (LGPD) in Brazil
  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  • Protection of Personal Information Act (POPIA) in South Africa
  • Australian Privacy Principles (APPs) in Australia

Other countries around the world are currently organizing their data privacy standards. This list includes India and China.

About Spirion

Spirion, LLC started up in September 2006. The company’s founders, David Goldman and Todd Feinman, are still significant shareholders working at the business. Spirion, LLC wasn’t the pair’s first venture. Spirion was created by rebranding an earlier enterprise called Identity Finder, LLC, based in New York City. The Spirion logo of a robot sniffer dog is the same as that used for Identity Finder. Spirion is headquartered in St Petersburg, Florida.

The Spirion platform is the leading service offered by Spirion. The system provides several modules, and these work together to support compliance. The company’s shares are privately held.

What does Spirion Sensitive Data Manager do?

Spirion Sensitive Data Manager includes three units. These are:

  • AnyFind
  • Watcher
  • SpyGlass

These three services interact to create the Sensitive Data Manager. There is no phasing in the links between these three units. Therefore, all three operate continuously and simultaneously.

AnyFind 

AnyFind is the data discovery service in Spirion. This system will look at all endpoints you have enrolled in the service and identify data stores.

The service presents a list of locations of sensitive data, which is published in the Spirion dashboard. You will be surprised by how many places were found, which could motivate you to start a data storage strategy that centralizes data. However, Spirion can still manage data in a distributed environment, so using this data protection system.

Watcher

Watcher searches through each data location, classifying the data. This classification system adapts to the requirements you set up in the dashboard and highlights instances of data related to the standards you need to comply with.

The tool also assesses vulnerability levels of data and recommends access rights management changes that would improve data management.

SpyGlass

SpyGlass is the data protection module of the Spirion Sensitive Data Manager. You should have security policies set up in the Spirion dashboard, and SpyGlass enforces them. However, it is when examining SpyGlass that we discover a weak point in the competitiveness of Spirion. It implements data security by coordinating with other tools. Unfortunately, Spirion doesn’t provide data loss prevention. However, there are many DLP systems on the market that include sensitive data discovery.

Spirion Sensitive Data Manager price and deployment

While the processing power of Spirion Sensitive Data Manager is provided on cloud servers, there are elements of this system that install on the devices and services that the tool protects. The list of systems that the Spirion agent software installs on are:

  • Windows
  • Linux
  • macOS
  • Exchange Server
  • Sharepoint
  • Microsoft 365
  • Dropbox
  • Box
  • Google G-Suite
  • AWS

The Spirion master system is hosted on Azure servers.

Spirion doesn’t publish its price list. The buyer journey for this product begins by accessing a demo system.

Spirion Sensitive Data Manager strengths and weaknesses

Spirion Sensitive Data Manager is a perfect tool for identifying the locations of sensitive data. However, to protect that data, you will also need to buy a DLP system. Unfortunately, when examining suitable DLP services, you will discover that most of them already have a sensitive data discovery module, which means that, by buying Spirion, you end up with two data discovery services – one of which you don’t need.

Here is our assessment of Spirion Sensitive Data Manager.

Pros:

  • A robust data discovery service for sensitive data
  • Adaptable data classification systems
  • Produces recommendations for improvements in access rights controls
  • Has a reporting module for compliance auditing
  • Integrates with other tools on the Spirion platform and third-party systems

Cons:

  • Doesn’t protect data
  • Runs on Azure but doesn’t have data tracking sensors for that platform or GCP

The absence of a DLP service is a significant problem for those investigating a data privacy standards compliance system. For example, to justify subscribing to Spirion Sensitive Data Platform, you would need to find a DLP that doesn’t have that function built-in, and most of them include that service.

Alternatives to Spirion

Spirion Sensitive Data Manager identifies sensitive data and monitors its use. However, you will need to integrate the Spirion service with third-party tools to enforce data protection. Spirion is a perfect data classification system that links through to compliance management modules on the same platform. However, it isn’t the only provider in this market, and rival systems implement data loss prevention and sensitive data discovery.

What should you look for in a sensitive data discovery tool? 

  • We reviewed the market for sensitive data discovery systems like Spirion Sensitive Data Manager and analyzed the options based on the following criteria:
  • A system that can unify the monitoring of data held on many different platforms, allowing centralized control
  • A service that ties in with data privacy standards compliance management
  • A system that operates continuously without manual intervention
  • File protection and activity logging
  • Controls over data exfiltration points, such as file transfer systems, email, and peripheral devices
  • A free trial or a demo system for a no-cost assessment
  • Value for money represented by a worthy tool at a fair price

Some system managers prefer the economies of cloud services, while others prioritize the security of on-premises systems. We have included both of these deployment options in our selection.

Here is our list of the five best alternatives to Spirion Sensitive Data Manager.

  1. ManageEngine DataSecurity Plus This software package is very similar to Spirion Sensitive Data Manager because it is organized in three modules and covers data discovery and classification, data protection, and compliance functions. However, this system is better because it implements DLP. These units are called Data Risk Assessment, File Server Auditing, and Data Leak Prevention in the ManageEngine systems. The Data Risk Assessment unit performs data discovery and the classification of data by this service underpins the Data Leak Prevention service. In addition, this service protects PII and PHI. Other functions in this package include file assessment that identifies defunct data stores, file integrity monitoring, which encrypts specific files, and data leak prevention, which patrols peripheral ports and file transfer systems. ManageEngine DataSecurity Plus installs on Windows Server, and it is offered on a 30-day free trial.
  2. Endpoint Protector This SaaS platform is a DLP system that protects PII. Although processing is performed on cloud servers, local agents perform searches and implement controls on data movements. These agents run on Windows, macOS, and Linux. This package is not limited to protecting a single LAN but can extend protection to the equipment of telecommuting workers, remote sites, and cloud platforms. Endpoint Protector can be tailored for compliance with PCI DSS, GDPR, and HIPAA. Those who have accounts on AWS, Azure, and GCP can add on the Endpoint Protector service from the platform’s marketplace. As well as offering this package as a SaaS platform, Endpoint Protector makes its software available for installation as a virtual appliance. Access a demo system to assess this DLP package.
  3. Thales CipherTrust Data Discovery and Classification A partial match to Spirion Sensitive Data Manager, this service is part of a wider SaaS offering called CipherTrust Data Security Platform. Subscribing to several modules on this platform assembles a full rival to the Spirion system. This package watches over multiple sites for each subscription account and can include data on cloud platforms. In addition, this service facilitates the managed sharing of data and controls the distribution of copies or remote access to data stores. Other CipherTrust modules offer file encryption and copy tracking services. This tool is suitable for compliance with GDPR, CCPA, LGPD, PCI DSS, and HIPAA.
  4. Azure Information Protection This is a service offered on the Azure cloud platform. Still, it can be applied to data stored on any site or any significant rival cloud platforms. So, although it is necessary to have an Azure account to use this service, you don’t have to keep any data on that system to benefit from Information Protection. This system identifies sensitive data sources and monitors their usage and movement. It tracks documents and scans email systems. It can watermark electronic documents, enabling distribution tracking. In addition, this system can be linked with an Azure AD service to connect access rights management to data protection.
  5. Mentis iDiscover This cloud-based sensitive data protection system excels at tracking and protecting newer formats of data stores, such as Big Data systems and unstructured storage. The system will also save files and databases. It can interface with 35 different database management systems. This package includes data discovery and classification, which is a continuous process. It links data stores to the applications that access them to enable more proper access rights management. Mentis used AI processes to identify collections of data that become PII when linked together. This service will enforce compliance with GDPR, CCPA, and HIPAA. Request a demo to assess Mentis iDiscover.