You signed a contract to share data. You agreed to protect it. Do you have any way of making sure that neither party accidentally leaks the data?
Breaches that are born from partner data sharing mishaps are common enough to where they no longer make the headlines. Everyone usually agrees to do the right things in a contract, but actually doing what it takes is another matter entirely.
Contracts are typically specific to a type of data and a location and less frequently indicate specific controls. Either way, if we’re to make compliance easy it has to be automated. And if it’s to be automated, we need plenty of context that rules in our monitoring policy can work from.
To get started, we create a scan and pick the area of focus, whether it’s a region, VPC, data service type or a specific data store itself. Then we pick the type of data of interest, again making it as broad or specific as you’d like. Run as an occasional audit or continuous monitoring, the resulting scan delivers the rich context for turning a contract into a living, breathing policy.
A common scenario is the need to make sure data stays in a particular location. Compliance with the PCI DSS is a leading example where the scope of your audit is determined by the locations where you store and process payment card data. Open Raven can be used to make sure payment card data is only in expected locations by using default data classes and straightforward rules that will alert you when data ends up in places that would expand your PCI scope.
In healthcare or related businesses, you can also use Open Raven to manage the reach of HIPAA by monitoring patient health data. Non-regulatory “geofencing” use cases are not unusual, especially when data is shared between partners and containing unintended sprawl of sensitive intellectual property is critical.
Open Raven can be used to ensure proper data controls are in place so that all parties can rest easy. Internet accessibility, use of encryption, logging, use of backups and more can all be stated as policy rules. Monitoring thereafter is hands-free and both parties can receive alerts in the event of any surprises.
Whether it’s a legal hold on data or another reason, there are times when data must be held under close scrutiny to ensure its integrity. Monitoring for data changes and protecting it versus deletion are of key importance.
Open Raven can be your automated eyes when you special vigilance is required on an important dataset. Monitoring can be setup for the data in question along with a policy that states in code what the expected state is supposed to be.
Proving that everything is as it should be usually requires concrete evidence. Open Raven has a number of ways to make showing everything is as it should be effortless: