Abstract:
Join the former CISO of UiPath, Okta, Splunk, and SoFi to learn proactive approaches for preventing PII leaks and automating data mapping for compliance. Remediating PII leaks in production is costly and disruptive, while GDPR compliance often relies on manual spreadsheets and surveys. This session covers controls to minimize PII leak risks and streamline data mapping for compliance, featuring a new AI-powered code scanner that stops PII leaks at the code level and automates the creation of RoPA.
Description:
Most security practitioners are familiar with the high cost of remediating PII data leaks discovered in logs, files, or third-party systems. Protecting PII data is crucial for organizations, not only because it’s the right thing to do but also to remain compliant and, in some cases, to stay in business. Once data leaks into production, it becomes a reactive and disruptive situation, often impacting multiple teams. In more serious cases, these leaks can spread into logs and third-party applications beyond the immediate engineering team’s scope, such as backup, monitoring, SIEM, and marketing systems. This increases risk, operational complexity, and the cost of addressing these leaks in production.
Compliance can be both complex and costly. Meeting the requirements of privacy regulations like GDPR or CCPA demands a thorough understanding of the privacy-sensitive data a company holds and its usage. According to the recent State of Data Visibility Report, most companies add new systems storing user data on a weekly basis. Depending on the size and complexity of the environment, creating a unified data map across an organization usually takes 6 to 12 months, even with assistance from external vendors and commercial tools. Most companies currently rely on manual spreadsheets and internal surveys, which cannot keep up with the rapid addition or updating of systems processing user data. As a result, privacy teams are often unprepared for product changes that involve unchecked processing of personally identifiable information and face constant pressure to avoid costly compliance violations. In 2023, total fines for GDPR violations reached $2.2 billion, up from $0.9 billion the previous year.
In this session, we will cover both preventive and detective controls needed to minimize the risk of sensitive data leaks, along with best practices to streamline data mapping for GDPR compliance.
We will also explore a new AI-powered scanner that continuously detects vulnerabilities where PII data is exposed in plaintext through mediums such as logs, files, tokens, cookies, or third-party systems. The scanner can also track and visualize the flow of sensitive data at the speed of development and can automate the generation of Records of Processing Activities (RoPA) with just a few clicks. It also alerts users when new data elements are introduced, based on their sensitivity levels, to prevent out-of-scope product changes from going live and to avoid privacy incidents.
Compared to other data security and privacy platforms, HoundDog.ai takes a proactive approach to preventing PII data leaks at the source and documenting data flows for privacy compliance at the speed of development. This approach saves companies thousands of hours that would otherwise be spent remediating PII data leaks discovered in production or manually documenting data flows for privacy compliance. While many SAST scanners can identify exposed secrets like passwords or API tokens in the codebase, they fail to detect the code logic handling PII data. As a result, they cannot document these data flows or flag vulnerabilities where PII data may be leaking. DLP platforms typically use a reactive approach to data leak detection, which is slower and more expensive due to the massive amount of data that needs to be scanned. Moreover, they often miss leaks that spread to systems outside their scope, such as monitoring, SIEM, backup, and marketing systems. Finally, data privacy platforms are effective at documenting data flows discovered in production but require prior knowledge of third-party application integrations. They also lag behind unpushed code changes, leaving privacy teams blindsided by unlawful PII processing and struggling to keep up.
We will then wrap up the presentation with a customer case study and an interactive demo, showcasing the scanner’s ability to prevent PII data leaks at the source and generate RoPA effortlessly.