SecuPi makes it possible to safely upload encrypted data to Snowflake and store it there while meeting privacy and security requirements.
Companies are progressively transferring their data to data lakes and big data platforms. While moving data to the cloud offers numerous advantages, storing data in the cloud introduces new risk factors.
As a result of today’s technological advancements, it is likely that your organization has moved at least some, if not most, of its applications to the cloud. Alongside the benefits of moving to the cloud come apparent security risks, one of which is losing visibility and control over applications and sensitive data.
What is Japan’s APPI? The Act on the Protection of Personal Information (APPI), which is one of the first data regulations in Asia, was updated in May 2017 after a series of data breaches took place in Japan. The change in legislation happened a year ahead of EU GDPR, and both Japan and the European […]
What is Canada’s PIPEDA? Canada has always been one of the pioneers of data protection. It enacted the PIPEDA in 2000 and strengthened it with a new privacy act in 2015, whose requirements inspired the GDPR and came into force in 2018. The law applies only to Canadian organizations from the private sector, who […]
What is the Nevada Privacy Law? Nevada has marked itself as a pioneer by following in California’s footsteps and becoming the second state to approve new privacy laws aimed at protecting consumers’ information. The new legislation requires owners and operators of internet websites as well as online commercial providers to allow consumers the right to […]
On February 28th, 2019, the National Legislative Assembly approved the Thailand Personal Data Protection Act (PDPA) after almost twenty years in the making. The act will pass into law after it receives royal endorsement. The PDPA aims to govern data protection and will use GDPR as a blueprint, adapting some of the largest European articles to the Thai context.
In the last two decades, data breaches became a real threat to the people, and the Mexican authorities understood it well. The Federal Law on the Protection of Personal Data held by Private Parties, also called “the law”, was approved by the Mexican Congress and came into action on July 6, 2010. The new regulation applies to private individuals and legal entities who process data on Mexican territory and use means located in Mexico to process personal information.
In 2018, India approved the Data Protection Bill which proposes a legal framework to protect the autonomy of individuals regarding their personal information, and to specify the rights of individuals whose personal data are being processed and stored. The new regulation will be added to the existing laws in order to strengthen India’s position regarding data protection.
The “Australia Privacy Principle” was passed in 1988 and is intended to protect the personal information of local residents. New regulations were added to it in 2017 in response to the numerous data breaches that took place in the region.
The legislation applies to private sector entities with an annual turnover of at least AU$3 million, and to all Commonwealth Government and Australian Capital Territory Government agencies. Organizations from various sectors such as insurance, telecom and healthcare are all subject to the law and can face serious penalties if they do not respect it.
The Data Privacy Act was approved in 2012 and provides a framework for regulating the processing and storage of particularly personal and sensitive data in the Philippines.
Brazil has approved a new regulation on personal data protection, which will come into action at the beginning of 2020. The Brazilian General Data Protection Law (LGPD) adds a new legal framework for the use of personal information both online and offline, in the private and public sectors.
The HIPAA act is a regulation designed to protect the privacy and security of individuals’ health information while encouraging companies to adopt new technologies to improve the quality and efficiency of patient care. SecuPi developed a solution that helps companies discover and improve the way they handle their customers’ sensitive health-related data by defining rules and providing access on a need-to-know basis.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that apply to any organization that accepts, processes, stores and transmits credit card information.
Personally identifiable information (PII) is any type of information that, when combined with other relevant data, could help identify individuals in context. Due to the wealth of information provided by big data, there has been a significant rise in malicious activities, which has raised concerns over how companies handle the personal data of their customers. SecuPi created a platform that makes it possible to maximize the protection of PII in high-risk applications. Companies deploy SecuPi to protect their customers’ sensitive data by ensuring that data is accessed on a need-to-know basis while protecting against careless and malicious abuse.
The SOX act of 2002 is a U.S. federal law that established requirements for all U.S. management, public accounting firms and company boards. SOX was created with the intent of protecting the general public and shareholders from accounting mistakes and malicious activities in enterprises, and of improving the accuracy of corporate announcements. SecuPi developed a technology enabling U.S. companies to easily meet the requirements of the SOX act and be compliant within a few days and with no development efforts.
The California Consumer Privacy Act (CCPA) is legislation imposed on Californian companies in order to protect their consumers’ privacy. It regulates the way organizations collect and store consumer personal information. The CCPA goes into force on January 1, 2020 and will hold companies accountable for protecting their consumers’ data, focusing mainly on profiting from the sale of personal consumer information without their knowledge or consent.
SecuPi augments business applications with the capabilities for meeting GDPR requirements, including ‘Right to be forgotten’, ‘Data Minimization’, ‘Consent’ and ‘Records of Processing Activities’ without code changes and within days per application.
The travel and transportation industry has seen a major digital transformation in recent years. Companies collect data about individuals as they travel, from credit card to passport information and through implementing customer loyalty programs. While this transformation has undoubtedly improved the travel business and experience, it has also significantly increased compliance and security demands.
With SecuPi, travel and transportation organizations can better comply with privacy regulations and secure their travel data by auditing it in real time and keeping data access on a need-to-know basis.
Today’s privacy compliance demands are forcing the government sector to comply with current privacy regulations. However, these organizations often still use aging applications and systems that are not built for today’s pressing requirements.
Revamping these applications is no simple task due to the time, the cost and the potential system corruption it could cause. With SecuPi, these organizations can address today’s privacy requirements, even on archaic applications, in a timely manner without the need to revamp their applications.
Some of the most classic breaches involved major retail firms such as Target. Hackers and malicious insiders have successfully stolen payment card and transactional information, hurting the business financially and destroying its reputation. SecuPi provides retail firms with a robust application security solution that is capable of detecting malicious users and activities in real time with instant response. Prevent data breaches and secure sensitive customer information before damage occurs.
SecuPi has been serving one of the largest retail firms in Germany, providing them with the capability to discover, monitor, protect and delete personal customer data within their existing application landscape, making them GDPR-ready.
Hospitals and health organizations hold sensitive medical and personal information of millions of clients. While other industries hold information that can be changed or discarded (such as a credit card number), a person’s medical and personal records can never be changed, making them even more sensitive. Healthcare organizations are held to high standards by privacy regulations such as HIPAA, GDPR and more. In addition to personal medical records, hospitals handle billing and insurance records and payment information on a continuous basis, making hospitals an appealing target for malicious hackers. SecuPi can provide healthcare organizations with full visibility and control over their customers’ personal information, enabling them to be compliant with privacy regulations such as HIPAA, GDPR, PCI DSS and more.
With hundreds of applications handled by thousands of representatives with direct access to customer information, the telecommunications industry has been facing major challenges in complying with current privacy regulations. SecuPi enables full audit and monitoring of data access, providing the security team with full visibility of all user actions in real time. On top of that, SecuPi offers Data Access Governance solutions that enable telecommunications companies to gain full control over “who can see what”, allowing sensitive information to be shared with employees solely on a “need to know” basis, all while keeping the business flow uninterrupted.
SecuPi has been serving multiple Telecommunications companies, including the largest European Telco provider.
Insurance companies hold a great deal of clients’ personal information which is deeply integrated within their systems used to calculate and determine policy rates.
These firms are held to high compliance expectations by the current privacy regulations.
While the purpose of insurance is to prevent customers’ financial loss, it is highly susceptible to malicious threats and breaches that can actually jeopardize sensitive customer information.
Most of this information is accessed through applications that must be highly protected, inside and out. SecuPi enables insurance companies to gain control over critical data access and provides various protection capabilities for keeping their customer data safe and compliant.
SecuPi serves one of the leading insurance firms in Italy.
Banking applications handling personal information and monetary transactions are often inviting targets and therefore must be highly protected. SecuPi’s unprecedented visibility and prevention capabilities enable financial institutions to reach a new level of application privacy compliance and security, ensuring fine-grained monitoring of sensitive data access and maintaining regulated data exposure on a “need to know” basis.
SecuPi serves the second largest financial organization in Europe.
What is Soft Deletion? The SecuPi application overlay makes it possible to define policies that hide the personal data of customers who have indicated their wish to be deleted, without actually deleting their records in the database. This is referred to as “Soft Deletion” and is achieved using the SecuPi overlay intercepting personal data flows and processes across business applications, DBA […]
SecuPi enables SIEM solutions to monitor the real end goal of the attacker — the applications and data. SecuPi can feed data to any SIEM system and send alerts, thus enriching the SIEM with actual sensitive data exposed and/or high value transactions performed by the user/IP/device. SecuPi provides business impact information to SIEM on which data was exposed. The alerts sent to the SIEM rely on highly accurate User Behavior Analytics (UBA) and Machine Learning based decisions.
SecuPi provides the capability to centrally control sensitive data access on a “need to know” basis. Set rules and apply policies to determine who can access which sensitive data across your high-risk applications. SecuPi can prevent access to sensitive data by either dynamic masking, redaction, tokenization, or blocking; all without affecting the data, network, applications or databases.
To support the need for agility and ever-faster development cycles, organizations are able to provision production-like development, test or training environments on demand within minutes.
SecuPi provides extensive and easy-to-interpret auditing reports that can be assessed by auditors and regulators. Obtain full contextual evidence and forensics of breach attempts and malicious user activity. Every user action can be recorded, stored and later retrieved for forensics. This data can be encrypted or masked to meet privacy regulations.
SecuPi runs real-time analysis to detect malicious activity and fraud based on single-user activity, multiple users and velocity-based comparisons.
SecuPi’s technology solves the challenge of spotting the real threat among countless requests. By combining peer comparison with the user’s comparison to self, SecuPi analyzes and determines the relative risk score of the user. An abnormally high risk score would trigger an alert that would be recognized as suspicious user activity.
Dynamic Data Masking offers a flexible and powerful capability to mask sensitive data in real-time without affecting the data itself. SecuPi provides full control over which sensitive data will be masked for any specified user.
SecuPi enables easy discovery of sensitive data subjects and data flows across business applications. SecuPi’s Discovery methodology enables automatic (data-source), semi-supervised (data-flow) and supervised (screen-based) discovery and classification with unprecedented accuracy.