Sensitive data is a sensitive subject. When it is breached, fallout for the firm involved spans from reputational damage to a dent in revenue. In worst case scenarios, small companies may not be able to recover. For large financial institutions, a breach of unstructured sensitive data can be a huge reputational and financial blow as existing customers look to switch provider, prospects look elsewhere, and the media vilifies the villain.
These outcomes of a breach are, to say the least, challenging, but there are proactive approaches that can help firms stay on the right side of sensitive data management. To find out more, we talked to Peter Baumann, CEO of ActiveNav, about the extent of unstructured sensitive data that financial firms are hosting and how they can reduce risk and ensure compliance with privacy regulations such as Europe’s GDPR, the California Consumer Privacy Act, and Brazil’s version of GDPR, Lei Geral de Proteção de Dadosand (LGPD).
Capital markets companies are prime targets for hackers and cyber attacks, says Baumann, noting the volume and nature of the content they hold including sensitive customer and partner information. Discussion on protecting the data usually starts as a result of compliance requirements, but can be ignited by company choice, or a data breach. It could also be part of a migration project, perhaps to Microsoft 365 with a view to getting content into shape.
“There is a lot of making good to do before a migration, and then the data needs to be kept safely in a repository,” Baumann says. “Most people don’t see deciding the level of security of a document as a day job, and while user files appear to be named correctly, which makes people think they are secure, they may not be.”
Some solutions for sensitive data
ActiveNav offers a number of solutions to help financial institutions protect, manage and store unstructured sensitive data. Among them are an inventory solution that includes a screening technique that helps firms discover and take control of sensitive data. It also uses data scores to show which files are high risk and need to be addressed. “This is us working towards the easy button,” comments Baumann.
ActiveNav Compliance supports regulatory compliance and data minimisation. It also provides data mapping as a service to identify sensitive and confidential data, and data classification to automatically index and classify data stored across disparate silos, allowing users to tap into dark data that may unlock business value.
The solution’s uses cases, and perhaps the company’s most used offering, is data minimisation, which can reduce risk and storage costs, and help meet regulatory requirements by deleting over-retained data. “This is a simple program to reduce the data estate and cut out any redundant, obsolete and trivial (ROT) content,” says Baumann. “It’s hard to get organisations to act and execute because they worry about deleting data, but a financial institution needs a robust process and policies and people to do this.” He notes that 40% to 70% of any financial services organisation’s unstructured data can be classified at ROT. Beyond ROT, about 30% of data has not been modified for five years.
“Most organisations don’t have an appetite to deal with ROT, but they do have an appetite for sensitive data that can be a real business asset when used in conjunction with other data to generate products and revenue,” says Baumann. ActiveNav provides organisations with an out of the box solution that can be adapted and used not only for compliance, but also to identify ‘crown jewels’ in the data.
The company also offers a data governance solution to understand what data is being collected, stored and managed.
The software was initially offered as an on-premises solution using metadata to help identify the value of data, a document or file. A cloud version based on Microsoft Azure with APIs for connectivity was introduced in September 2021, with only metadata in the cloud. “With the scale and speed of cloud, we can do things that aren’t possible on premises,” says Baumann. “For example, we can benchmark data across an organisation.”
In January 2022, ActiveNav secured £2 million of Series A+ funding from the Mobeus venture capital trusts. A Series A funding round of $11 million was closed in November 2019 following strong growth at the company and customer wins including Voya Financial and Equifax.
The company was founded by Baumann in 2008. Early software development enabled organisations to achieve blind data discovery from content they knew nothing about. This was a success at the Crown Prosecution Service. The company moved on to add remediation and classification to discovery, and found initial success among government and military services looking to build a data foundation and strong records management.
Commercialisation followed, with financial services becoming the company’s largest sector on the basis that it is highly regulated and manages large volumes of data. According to Baumann, ActiveNav has worked with more than 300 organisations, and continues to work with about 100, 30% of which are financial institutions looking to ensure compliance and find value in unstructured sensitive data.
Looking forward, Baumann concludes: “Unstructured data is still the elephant in the room. And there is still a long journey ahead. We are experts in this space, but we are not yet satisfied that we have made managing unstructured sensitive data easy enough for our customers. Our North Star is zero dark data – no ROT, no duplicate data, sensitive data is under control, and business value can be gained from the data.”