Spirion Sensitive Data Manager is the main product of the Spirion Data Privacy Management Framework – a SaaS platform that supports companies that need to prove compliance with data privacy standards. The Sensitive Data Manager provides functions to monitor access to sensitive data and control the movements of that information.
Key Features:
- Unified Data Discovery with AnyFind: Scans all network endpoints to identify and list sensitive data stores, streamlining data management across dispersed environments.
- Dynamic Data Classification via Watcher: Evaluates and classifies data based on user-defined criteria, offering tailored compliance and vulnerability insights.
- Enforced Data Policies with SpyGlass: Implements security policies across the network, coordinating with external tools to protect sensitive information effectively.
- Cloud and On-Premise Integration: Compatible with a broad range of platforms, including Windows, macOS, Linux, and various cloud services, ensuring flexibility in deployment.
Sensitive data has many forms, but companies are obliged to protect personally identifiable information (PII). This describes data that relates to private individuals. It is not illegal to hold this information, and there is no problem if it is released anonymized. The big problem occurs if the data released is sufficient to enable con artists to impersonate each individual – this would be classed as identity theft in bulk.
The system also identifies personal health information (PHI), credit card data, and intellectual property (IP). Of course, not everyone needs to protect all these types of data. For example, if you don’t work in the healthcare sector, you won’t need processes to protect PHI. However, the Spirion system is adaptable, so the data it seeks and saves are specific to the standards you need to follow.
Data privacy standards
The challenge of sensitive data protection arises from a complicated mixture of industry expectations and government legislation. A form of shunning enforces the requirement to protect certain types of data. If you don’t get accreditation to a related standard in certain business circles, you won’t be allowed to bid for work. This growing trend is due to the risk that the leak of sensitive data creates.
Risk management is essential to get insurance cover. For example, a business that handles sensitive data can only share that data with other companies if those associates are prepared to maintain equally high data protection standards.
This phenomenon began in the United States with industry data protection standards, notably the Payment Card Industry Data Security Standard (PCI DSS) and the Health Assurance Portability and Accountability Act (HIPAA). HIPAA is an early example of data protection enforced by legislation. It deals with Protected Health Information and constrains the health insurance and healthcare provider sectors.
PCI DSS, relating to credit and debit card data, flows from the big payment card providers to an obligation on any business that wants to collect payments by card.
The requirements of these standards extend to the cloud platforms that host data and applications that process it and managed service providers that look after those systems.
Now new requirements, enforced by legislation, cover general data related to private individuals – known as PII. These include:
- General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) in the EU
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California, USA
- Consumer Data Protection Act (CDPA) in Virginia
- Lei Geral de Proteção de Dados (LGPD) in Brazil
- Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
- Protection of Personal Information Act (POPIA) in South Africa
- Australian Privacy Principles (APPs) in Australia
Other countries around the world are currently organizing their data privacy standards. This list includes India and China.
About Spirion
Spirion, LLC started up in September 2006. The company’s founders, David Goldman and Todd Feinman, are still significant shareholders working at the business. Spirion, LLC wasn’t the pair’s first venture. Spirion was created by rebranding an earlier enterprise called Identity Finder, LLC, based in New York City. The Spirion logo of a robot sniffer dog is the same as that used for Identity Finder. Spirion is headquartered in St Petersburg, Florida.
The Spirion platform is the leading service offered by Spirion. The system provides several modules, and these work together to support compliance. The company’s shares are privately held.
What does Spirion Sensitive Data Manager do?
Spirion Sensitive Data Manager includes three units. These are:
- AnyFind
- Watcher
- SpyGlass
These three services interact to create the Sensitive Data Manager. There is no phasing in the links between these three units. Therefore, all three operate continuously and simultaneously.
AnyFind
AnyFind is the data discovery service in Spirion. This system will look at all endpoints you have enrolled in the service and identify data stores.
The service presents a list of locations of sensitive data, which is published in the Spirion dashboard. You will be surprised by how many places were found, which could motivate you to start a data storage strategy that centralizes data. However, Spirion can still manage data in a distributed environment, so using this data protection system.
Watcher
Watcher searches through each data location, classifying the data. This classification system adapts to the requirements you set up in the dashboard and highlights instances of data related to the standards you need to comply with.
The tool also assesses vulnerability levels of data and recommends access rights management changes that would improve data management.
SpyGlass
SpyGlass is the data protection module of the Spirion Sensitive Data Manager. You should have security policies set up in the Spirion dashboard, and SpyGlass enforces them. However, it is when examining SpyGlass that we discover a weak point in the competitiveness of Spirion. It implements data security by coordinating with other tools. Unfortunately, Spirion doesn’t provide data loss prevention. However, there are many DLP systems on the market that include sensitive data discovery.
Spirion Sensitive Data Manager price and deployment
While the processing power of Spirion Sensitive Data Manager is provided on cloud servers, there are elements of this system that install on the devices and services that the tool protects. The list of systems that the Spirion agent software installs on are:
- Windows
- Linux
- macOS
- Exchange Server
- Sharepoint
- Microsoft 365
- Dropbox
- Box
- Google G-Suite
- AWS
The Spirion master system is hosted on Azure servers.
Spirion doesn’t publish its price list. The buyer journey for this product begins by accessing a demo system.
Spirion Sensitive Data Manager strengths and weaknesses
Spirion Sensitive Data Manager is a perfect tool for identifying the locations of sensitive data. However, to protect that data, you will also need to buy a DLP system. Unfortunately, when examining suitable DLP services, you will discover that most of them already have a sensitive data discovery module, which means that, by buying Spirion, you end up with two data discovery services – one of which you don’t need.
Here is our assessment of Spirion Sensitive Data Manager.
Pros:
- Comprehensive Data Discovery: Excellently locates sensitive data across the network, aiding in the formulation of centralized data strategies.
- Customizable Classification: Adapts to specific compliance needs, enhancing data management through tailored classification and vulnerability assessments.
- Improves Access Rights Management: Generates actionable recommendations for access rights adjustments, boosting data security posture.
- Compliance Reporting: Features a robust reporting module for compliance auditing, simplifying the adherence to regulatory standards.
- Broad Integration: Seamlessly integrates with other Spirion tools and third-party systems, extending its data protection capabilities.
Cons:
- Lacks Direct Data Protection: While identifying sensitive data, it requires additional DLP solutions for full data protection, potentially leading to redundancy.
- Limited Platform Coverage: Operates on Azure but lacks specific data tracking capabilities for Azure or Google Cloud Platform, narrowing its scope of protection.
- Dependency on External DLP: The absence of an in-built DLP service complicates the search for a compatible data protection solution that doesn’t duplicate features.
The absence of a DLP service is a significant problem for those investigating a data privacy standards compliance system. For example, to justify subscribing to Spirion Sensitive Data Platform, you would need to find a DLP that doesn’t have that function built-in, and most of them include that service.
Alternatives to Spirion
Spirion Sensitive Data Manager identifies sensitive data and monitors its use. However, you will need to integrate the Spirion service with third-party tools to enforce data protection. Spirion is a perfect data classification system that links through to compliance management modules on the same platform. However, it isn’t the only provider in this market, and rival systems implement data loss prevention and sensitive data discovery.
Our methodology for selecting a sensitive data discovery tool
- We reviewed the market for sensitive data discovery systems like Spirion Sensitive Data Manager and analyzed the options based on the following criteria:
- A system that can unify the monitoring of data held on many different platforms, allowing centralized control
- A service that ties in with data privacy standards compliance management
- A system that operates continuously without manual intervention
- File protection and activity logging
- Controls over data exfiltration points, such as file transfer systems, email, and peripheral devices
- A free trial or a demo system for a no-cost assessment
- Value for money represented by a worthy tool at a fair price
Some system managers prefer the economies of cloud services, while others prioritize the security of on-premises systems. We have included both of these deployment options in our selection.
Here is our list of the five best alternatives to Spirion Sensitive Data Manager.
- ManageEngine Endpoint DLP Plus (FREE TRIAL) This data loss prevention package operates on a LAN and can also be used to control sensitive data access on multiple sites from one central location. The package includes a sensitive data scanner that also classifies all discovered instances. The file that holds sensitive data is protected by containerization and all direct access is blocked. The data can only be accessed by a list of trusted applications and those should be protected by user credentials. All activity related to data in those files is logged for compliance auditing. The ManageEngine tool watches email systems, USB ports, file transfer utilities, and cloud upload facilities and optionally blocks or passes data movement according to the defined rights of each user. This software runs on Windows Server. A Free edition will control data on 25 endpoints and the paid version, called Professional, is available for a 30-day free trial.
- Endpoint Protector This SaaS platform is a DLP system that protects PII. Although processing is performed on cloud servers, local agents perform searches and implement controls on data movements. These agents run on Windows, macOS, and Linux. This package is not limited to protecting a single LAN but can extend protection to the equipment of telecommuting workers, remote sites, and cloud platforms. Endpoint Protector can be tailored for compliance with PCI DSS, GDPR, and HIPAA. Those who have accounts on AWS, Azure, and GCP can add on the Endpoint Protector service from the platform’s marketplace. As well as offering this package as a SaaS platform, Endpoint Protector makes its software available for installation as a virtual appliance. Access a demo system to assess this DLP package.
- Thales CipherTrust Data Discovery and Classification A partial match to Spirion Sensitive Data Manager, this service is part of a wider SaaS offering called CipherTrust Data Security Platform. Subscribing to several modules on this platform assembles a full rival to the Spirion system. This package watches over multiple sites for each subscription account and can include data on cloud platforms. In addition, this service facilitates the managed sharing of data and controls the distribution of copies or remote access to data stores. Other CipherTrust modules offer file encryption and copy-tracking services. This tool is suitable for compliance with GDPR, CCPA, LGPD, PCI DSS, and HIPAA.
- Azure Information Protection This is a service offered on the Azure cloud platform. Still, it can be applied to data stored on any site or any significant rival cloud platforms. So, although it is necessary to have an Azure account to use this service, you don’t have to keep any data on that system to benefit from Information Protection. This system identifies sensitive data sources and monitors their usage and movement. It tracks documents and scans email systems. It can watermark electronic documents, enabling distribution tracking. In addition, this system can be linked with an Azure AD service to connect access rights management to data protection.
- Mentis iDiscover This cloud-based sensitive data protection system excels at tracking and protecting newer formats of data stores, such as Big Data systems and unstructured storage. The system will also save files and databases. It can interface with 35 different database management systems. This package includes data discovery and classification, which is a continuous process. It links data stores to the applications that access them to enable more proper access rights management. Mentis used AI processes to identify collections of data that become PII when linked together. This service will enforce compliance with GDPR, CCPA, and HIPAA. Request a demo to assess Mentis iDiscover.
