Enabled By Getvisibility
August 2019
Getvisibility presents a product that utilises the latest technology in Deep Learning AI for data classification and blockchain for data lineage, to give companies visibility, control and a strong dynamic understanding of their data as it is being created. Getvisibility conducted an internal Economic Impact Study to examine the potential Return on Investment (ROI) enterprises may realize by deploying Getvisibility. The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Getvisibility on their organizations. To better understand the benefits, costs, and risks associated with this investment, we interviewed and surveyed several of our customers. Our software is designed to process and classify unstructured information as it is being created with an unprecedented level of classification confidence and at large scale. Unstructured data is usually textual information in documents, spreadsheets and presentations and includes scanned documents. Getvisibility allows companies to quickly visualise their data footprint where new and changing data risks have become evident thus allowing for proactive data management and security. This enables organizations to apply remediation that is both accurate and effective. This also ensures that they are getting the best results from current Data Loss Prevention (DLP) tools, policies and procedures. With Getvisibility, a company also gets a complete registry of all files that contain Personal Identifiable Information (PII) necessary for compliance, Intellectual Property (IP) as it relates to the companies business and many other classification fields.
Getvisibility greatly reduces the amount of time needed for manual classification while providing superior accuracy.
Quantified Benefits
› Reduced the time needed for manual classification by 90%. With Getvisibility’s highly accurate classification capabilities, organizations no longer had to manually classify documents individually. This results in a three-year, risk-adjusted PV savings of nearly $1.7M.
› Increased speed and reduced risk of cloud adoption and migration. Getvisibility integrates seamlessly with Microsoft Azure services including Azure Information Protection (AIP) to discover and classify documents and emails using machine learning. AIP tags are written automatically, protecting your files and enabling the AIP protection with no human intervention. Data security risks associated with cloud migration were reduced from 76% to just 15% using Getvisibility.
› Reduced the time needed for compliance auditing Accurate classification of data decreased time spent on auditing by 78% and remediation by 80%. With Getvisibility the ability to manage the compliance of data became far more simplified. Administrators now had full visibility into their data across the organization in one centralized console. Furthermore, Getvisibility enables the organization to apply effective remediation and updates to compliance policies.
› Cost savings on incident remediation due to 90% reduction in data loss Getvisibility’s ability to integrate with many DLP platforms (such as Microsoft’s AIP) dramatically decreases the risk of Data Loss. As DLP tools are reliant on accurate data classification, customers noted an 80% increase in the quality of performance of their DLP platform once integrated with Getvisibility.
Before and After the Getvisibility Investment
Interviewed Organizations
For this study interviewed customers that had the following characteristics:
› Industries included healthcare, financial services, and manufacturing
› The personnel interviewed for this survey were heads of compliance and governance and heads of security
› The size of the companies ranged from 200 to 80,000 users
Prior to implementing Getvisibility, interviewed organizations wrestled with effective data loss prevention, protection of intellectual property, compliance mandates and overall data visibility.
› Lack of visibility into their unstructured data. A major industry problem is lack of understanding as it relates to unstructured data. Prior to implementing Getvisibility, these companies struggled to effectively understand and lock down their data. As a result, it was difficult for organizations to adhere to compliance and understand the risks associated with data.
› Multiple technology stacks required for minimal data visibility The interviewed companies had spent substantial time manually organising and classifying data. In the prior state, organizations had to manually find, open, read and classify data throughout the organization. Administrators we given multiple classification tags to choose from. The organizations wanted to move away from this manual approach as it was costly, time consuming and vulnerable to human error. Typically, they were using two products in tandem, one for legacy data and one for new data. This proved to be expensive and time consuming and there was little to no integration between the tools.
“As our business grows and data collection accelerates due to more staff and more data-driven processes we are seeing an escalating problem in tracking and classifying this data. Speed and accuracy are important and our experience of existing tools has highlighted serious shortcomings.” CIO Global Insurance Company
› Lacked the tools and capabilities to efficiently audit secure PII and IP. The organizations relied on custom rules, regular expressions (known as regex or pattern matching), manual classification and auditing, and DLP platforms. Furthermore, organizations had no way to enforce updates to the classification schema or taxonomy; they relied on their IT departments reaching out to users to apply new classifications and restrictions. The organizations needed to centralize and improve the auditing and protection of PII and IP to reduce their security posture and prevent any serious data breaches.
The interviewed organizations searched for a solution that could:
› Eliminate data classification based on regex and dictionary lookup
› Vastly reduce the requirement for manual input and continuous adjustment
› Handle more complex and detailed classification fields and tag taxonomies
› Achieve higher accuracy on these data classification fields
› Manage legacy and new data with a single platform or solution
› Include cloud repository classification capability for Sharepoint, One Drive and Dropbox
› Integration into DLP platforms including Azure Information Protection
› Be easy to use and have an intuitive user interface and the ability to export data
› Scale effectively across large enterprises with distributed document storage options
After interviewing these companies, they provided the following feedback on the Getvisibility platform:
› Moving to an automated classification process increased the accuracy of classification and reduced the effort required by company staff to manually classify data. With Getvisibility’s automated classification capabilities, organizations no longer had to manually search for, read and classify data. The Chief Information Officer at an insurance organization explained, “The Getvisibility platform is able to rapidly scan our data set (across file systems) and is able to classify with accuracy that surpasses our other tools. “
“Since adopting Getvisibility, we have had an internal compliance score of +90%. Our Data Protection Officer has indicated that the informative dashboard is drastically helping in their work.”
Manager, Financial organization
› Accelerated the migration to the Azure cloud due to DLP integrations. Multiple organizations reported resistance to cloud migration due to a number of factors such as concern about data security, privacy, data loss and governance and compliance. The accurate classification and tagging capabilities of Getvisibility integrate and significantly enhance DLP platforms such as Microsoft AIP. By providing the DLP with accurate information, Getvisibility allows organizations to migrate to the cloud confident that the correct security and privacy measures are being applied to their data. For example, one interviewee explained how the cloud migration process had improved: “Once we were confident that our data was correctly classified we were then confident to apply policies and security measures around it. This enabled a seamless migration to the cloud without compromise to our PII and sensitive data.”
› Empowered decision making regarding the company’s data stores. With Getvisibility, administrators can quickly and easily see all the information and obtain insights into their data. Previously, IT teams would have to manually audit data across each department with significant time involvement and cooperation from department heads, and afterward, these reports would have to be consolidated to give the IT team full visibility into their privacy and security posture. These reports and audits quickly go out of date. With Getvisibility they have a tool to obtain immediate views of data and can refresh the department audits automatically and reliably.
Based on the interviews and survey, Getvisibility built a case study for an average size company and associated ROI analysis that illustrates the areas financially affected. The case study organization is representative of the organizations interviewed, and it is used to present the aggregate financial analysis in the next section.
This international financial services company has approximately 2,000 staff spread across multiple locations. The organization has a complex network infrastructure with data on-premise and in the cloud. Currently, the organization is using multiple tools to attempt data loss prevention capability. The organization does not have a wide ranging classification taxonomy and typically classifies data across three headings; internal, external and private. For compliance, the organization faces significant challenges related to GDPR and PCI. Overall the management of data governance is problematic.
For this case study, the deployment of Getvisibility with out-of-the-box AI models took approximately one week to set up and configure. Over a two week period, the organization engaged with professional services to fine tune the machine learning model within their environment, do training on the software, analyze and review exported data, and adjust classification tags. Staff involvement was limited to defined periods for training, and ad hoc for approximately 4 hours of fine tuning. Further improvements to process required internal staff-only meetings to make use of the Getvisibility tool output that significantly optimised previous manual processes. No subject matter experts were locked in for long periods. The outcome from this streamlined configuration and newly optimised process resulted in a significant improvement in ROI.
Before implementation of Getvisibility, the case study organization’s ability to understand their data was dependent on manual classification and the users ability to accurately classify the documents. This resulted in unreliable and varied results. Their methods were highly manual and meant that it was very time consuming, with a lot of false classifications and highlighted a major vulnerability to insider threat. After adopting Getvisibility, the organization can now quickly and easily see all information and get insights into all of their data on one centralised dashboard.
For the case study organization, Getvisibility discovered that:
-Data governance personnel spent an average of 24 hours per month manually auditing data classification before adopting Getvisibility
-The organization recognized a 78% reduction in the time required to audit data classification through Getvisibility
-The organization was using an existing data loss prevention technology
The interviewed companies reported a significant reduction in data loss incidents. Before their investment in Getvisibility, the case study organization experienced a number of data privacy incidents each year. These incidents varied in severity, but the majority were accidental data loss.
With Getvisibility, the case study organization reduced the number of data privacy incidents by 80%. With a complete, consistent view of their unstructured data, with classification and tagging, end users get insight into their data across the entire estate.
Typically when an organization experiences a data breach, they do not have visibility into the data that has been lost, and trying to understand what data has been lost is very time consuming. While this report focuses solely on the remediation time, it is also important for organizations to consider other costs including incident response, downtime, regulatory fines and brand protection. In this report we assume:
-Before adopting Getvisibility, the organization experienced 57 data privacy incidents per year
-With Getvisibility, the organization decreases the number of cybersecurity experienced by 89% (to 6)
The cost savings on remediation of a security breach with Getvisibility will vary with:
-The breadth and scope of the security breach.
-The time to remediate
-The time to respond to regulators
-The actions to take to harden the environment
Before implementing Getvisibility, end users were required to manually classify all data. While this worked relatively well with minimal classification fields e.g. internal/external/private, as classification fields increased, it resulted in a lack of accuracy and a lack of understanding relating to the document classification type. By automating classification and leveraging AI, the organization were able to achieve the following:
End users saved over 30 minutes per day per person
Professional services required for digital transformation related to data security were reduced by 60%
The requirement for data governance professionals was reduced by 67%
Implementation, And Ongoing Maintenance
For the case study organization they had a dedicated team (of four) using tools for manual classification. The time required by these Full Time Employees (FTE’s) was over 240 hours per month for the classification. After implementation of Getvisibility, the requirement was reduced to 40 hours with one part-time data governance professional.
Based on customer interviews, Getvisibility found that:
› A part time resource is required for the set up and training of the model
› The number of FTEs dedicated to the planning, implementation, and maintenance of legacy manual systems -vs- Getvisibility is 25% (1 in place of 4)
Licensing for Getvisibility is based on active directory users for the composite organization and is an annual fee.
Based on customer interviews, Getvisibility found that:
› The case study organization is paying annual fees of $70 per active directory user
› The composite organization has 2,000 active directory users
Licensing fees will vary from organization to organization based on:
› The licensing agreement an organization chooses
› The number of active directory users
The case study organization required two weeks of professional services and training of the IT staff.
Speak to one of our experts