Machine-driven, cloud compatible platform helps IT administrators and compliance professionals manage sensitive data, align to data protection requirements
WATERLOO, ON – June 15, 2021 – Cavelo Inc. today announced the launch of its flagship automated data discovery, classification and reporting platform. The Cavelo Discover Platform uses the National Institute of Standards and Technology (NIST) data privacy framework and is configurable for alignment to additional regulatory compliance acts including General Data Protection Regulations (GDPR) and California Consumer Privacy Act (CCPA).
“A remote workforce and lack of perimeter is the new normal,” said James Mignacca, CEO at Cavelo. “The drastic increase in remote users, endpoints and cloud applications makes knowing where your data resides challenging. The Cavelo platform is purpose-built to help IT administrators and compliance professionals identify and classify data while improving their data hygiene, thereby reducing their risk of data exposure and costly fines.”
Powered by machine learning, Cavelo is a cloud compatible endpoint agent that continuously scans cloud hosted servers and applications, on-premises servers, desktops and laptops to identify, classify, track and manage sensitive data. The platform seamlessly integrates with common workflow and security tools like ticketing systems, Security Information and Event Monitoring (SIEM) and business intelligence tools for comprehensive data catchment.
Its intuitive dashboard allows administrators to create custom policies and alerts based on a number of factors including users, geo locations, access times and system access controls, while real-time data risk assessments align businesses to rolling compliance requirements.
Platform features include:
- Data discovery– identify, classify and tag sensitive data, wherever it lives.
- Data tracking– build an audit trail to track data travel, access and modification.
- Alerting – create notifications for unapproved data activity or movement to unapproved locations.
- Reporting– align to global, national and industry-based standards and requirements such as GDPR, NIST, the Health Insurance Portability and Accountability Act (HIPAA) and more.
- End-to-end encryption– safely process metadata through Cavelo’s cloud-hosted servers, keeping data on-premises.
- Policy alerting – create rules to trigger alerts when sensitive data types are discovered on specific and unpermitted machines.
- Real-time risk assessment– understand risks unique to the organization with Cavelo’s risk benchmarking and scoring.
“IT staff or other roles responsible for compliance reporting generally aim to tick the box in terms of compliance,” said Richard Stiennon, Chief Research Analyst at IT-Harvest. “But the reality is that if a business can’t demonstrate how they map their data in the auditing process they risk non-compliance and the fines that come with it. The prime directive for security teams is to protect data. How do you know what to protect if you don't know what and where the data is?"
In North America all businesses have an obligation to understand the data they keep and how it’s monitored and reported. Non-compliance and regulations violation consequences vary based on the scale of data exposure and the issuing regulatory body. Global regulations like GDPR, national regulations like Personal Information Protection and Electronic Documents Act (PIPEDA) and regional regulations like the California Consumer Privacy Act (CCPA) issue fines that start at $2,500 for non-intentional violations and climb to a maximum of millions of dollars or 3% of global revenue.
Cavelo helps businesses achieve attack surface management with automated data discovery, classification and reporting. Its cloud compatible cyber asset attack surface management (CAASM) platform continuously scans, identifies, classifies and reports on sensitive data across the organization, simplifying compliance reporting, vulnerability management and risk remediation. For more information, visit www.cavelo.com or follow us on LinkedIn.