Analyze Your System Privacy Risk for Free Today

author
Post Date: 12/02/2015
feature image

When it seems like the media reports a new high-profile data breach every day, it is increasingly clear that not enough organizations have solid data protection strategies in place. At AvePoint, we understand that part of the challenge may be simply not knowing where to start. That’s why we partnered with the International Association of Privacy Professionals (IAPP) to bring you the AvePoint Privacy Impact Assessment (APIA) system to help you better understand where your sensitive data lives, and how you can take action to properly protect it.

With APIA – which is available now as a free download – organizations are able to assess the privacy implications of their enterprise IT systems through a customizable, form-based survey system. From the assessment results, key stakeholders can analyze how sensitive information is handled by enterprise IT systems and whether the organization is compliant with privacy regulations.

One of our customers – a services company that handles highly sensitive data – was concerned that it had non-compliant data stored throughout network drives and SharePoint. To help assess and overcome this challenge, AvePoint took steps to help the customer conduct a data discovery exercise, build a data classification schema, and ultimately improve compliance. APIA was a critical part of that process.

Understand your “As-Is” Environment

With APIA, the organization was able to easily survey relevant stakeholders across the business about the how they work with sensitive data on a daily basis. APIA automated the distribution of questions and collection of information while enabling the company to use its own authentication controls for the impact assessment – simplifying the entire process for all involved.

Use question collections to survey different areas across the organization.
Use question collections to survey different areas across the organization.

Take Action with Results from APIA

Easily create reports with APIA’s Report Manager.
Easily create reports with APIA’s Report Manager.

After the survey period, AvePoint reported on responses using data exported from APIA and gave business leaders insight into “a day in the life of their business users”. The results helped them understand how different individuals across different departments and business units collected, worked with, shared, stored and accessed sensitive data, on an every day basis, as well as how much they knew about organizational information security policies. With this in mind, AvePoint conducted workshops to dive into the results, show trends, and identify where controls needed to be placed within SharePoint, network drives, and line of business (LOB) applications.

Sample question bank in APIA
Sample question bank in APIA

Implement a Compliance Solution

The customer then implemented Compliance Guardian, AvePoint’s comprehensive compliance management solution for data discovery, data classification, data loss prevention (DLP), and incident management. Compliance Guardian allows the organization’s data protection professionals to create data classification schemas, automatically tag new and existing files, and ultimately take action on sensitive content to enforce compliance across its enterprise collaboration systems.

Thanks to APIA, the customer can run periodic health checks that demonstrate progress made since the initial assessment – information that will be useful for the organization’s data protection professionals in case of an audit. The organization is now empowered with a solid data protection strategy and an understanding of where sensitive data lives within its IT systems – which means reduced risk for the company as well as better peace of mind for data protection officers.

Download APIA for Free Today

More than 2,500 practitioners across 64 industries and 85 countries are using APIA today. To begin analyzing your own system privacy risk, download APIA for free from the IAPP website.

author

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise

View all posts by Dana S.
Share this blog

Subscribe to our blog