Concentric is a leading vendor of intelligent AI-based solutions for protecting business-critical data. Last month, the company announced the latest advancements in its Semantic Intelligence data access governance solution for autonomous identification and risk assessment of inappropriate access, data sharing and user interactions – now with unique insights into user-related risks and support for both structured and unstructured data.
To find out more, VMblog reached out to Scott Lucas, Concentric Head of Marketing.
VMblog: It has been a few months since
our last interview. Can you please tell me how 2020 wrapped up for Concentric,
and how things have been going?
Scott Lucas: Concentric came out of stealth
just a few weeks before the first COVID lockdown. As I drove home from work for
what would turn out to the be the last time in 2020, I admit I was worried
about how we'd weather the pandemic.
But it turned out to be a pretty good
year for us. We managed to land some great customers and release a number of
exciting new product capabilities. Of course, there's no telling how things
would have been different without the pandemic, but we're heading into 2021 with
our code protecting tens of millions of documents and our engineering team at
full steam.
VMblog: Tell me about this new solution you
launched last month with a user-oriented view into data risks.
Lucas: Our product is called Semantic
Intelligence, and it's an AI-powered data access governance and risk management
solution. We autonomously find business-critical data and assess it for risk. We
provide a few different "lenses" for looking at your data. One of those lenses,
for example, highlights personally identifiable information (PII), which is
huge if you're dealing with compliance regulations.
Our new User360 capability we
just launched is another lens now available, that shows data from a
user-centric point of view. That gives the IT team a simple way to see the data
footprint for a specific individual. You can, for example, spot files that a
user doesn't normally have access to, or identify specific files owned by the
user that aren't adequately secured. That makes it easy, for example, to maintain
security hygiene for key employees who might have access to a number of
high-value files, or to monitor if an equity trader has access to documents
with insider information.
VMblog: And if I understand correctly, you also added structured data
protection as a new capability, is that right?
Lucas: We did. Compliance and data protection are the goals, but
the tactics you'll use for millions of end-user files versus the millions of
records in your databases are quite different. Few databases were designed with
privacy in mind and database designs often predate modern privacy regulations.
Sensitive information is often scattered across different databases, in
different tables and in different fields. Sometimes PII is duplicated across
tables or databases. Finding it all can be tougher than you might think.
We leveraged our foundational data analysis technology to
make the process autonomous and accurate. Now our customers can evaluate risk
and review access from a single tool. The solution is in production at a few
customers already and we're seeing lots of interest in the market.
VMblog: Aren't there plenty of solutions
out there already offering risk analysis and data protection for structured
data?
Lucas: Structured data is, by definition, data that's in a
database. IT professionals have, of course, committed substantial resources to database
security. But a glance at the news shows data loss is still an everyday
occurrence.
Database protection is a microcosm of defense-in-depth, and
some of DiD layers are more mature than others in the database world. As
regulatory mandates get stricter and focus shifts to privacy protection, our
customers told us they need more comprehensive PII analysis and assessment that
spans structured and unstructured resources.
That's what we've focused on, and we're in a great position
to do it. We started with the harder unstructured data problem last year, and now
we're uniquely positioned to provide PII assessment and access governance
across all data for an enterprise, on-premises and in the cloud.
VMblog: Are you still using artificial
intelligence in your solution to power these newly launched functions for
on-premises and cloud data repositories? Specifically, how is AI being
leveraged?
Lucas: We remain very focused on AI because it's really the only
way to dig deep into the details of data at any reasonable scale. Both User360
and our new structured data capabilities extend our natural language processing
and risk analysis expertise, just like our protection for unstructured data
does. And both work on-premises and in the cloud.
VMblog: What are some of the key benefits
organizations can realize with these new capabilities?
Lucas: Concentric's gives IT teams leverage by giving them more
capacity and expertise. Capacity is important because the amount of enterprise
data is exploding. There's just no way to keep tabs on millions of data
elements by hand. Automation is an absolute necessity.
But once you start getting into the nuts and bolts of IT automation,
you soon discover you need expertise to make it work. Let me give you an
example. A typical enterprise has a number of specialized functions, like the
legal department and the engineering team. Specialized teams create specialized
content, like contracts or source code files. An IT organization charged with
protecting data first has to understand what they're looking at, and that's not
realistic given the complexity of a modern enterprise. So that's the second
thing we provide - an expert system capable of understanding data across the functional
spectrum.
VMblog: Can you describe a typical customer for this
new solution? What are they trying to accomplish?
Lucas: Many of our customers are focused
on PII and privacy protection, and for them Concentric is a great timesaver. They
don't have to switch between tools to get the complete picture they need to
manage data privacy. Increasingly it's not just the usual suspects in regulated
industries (such as healthcare), but also organizations who want to avoid
customer data loss and the reputational damage that can result.
Our User360 customers are finding
lots of ways to use the feature. Some are watching high-privilege accounts to
be sure they're following good access control practices. Executives, for
example, have access to sensitive documents but they make mistakes just like
the rest of us. With User360, we can easily spot access control mistakes these
high-risk individuals might make, such as storing sensitive info in folders
that everyone in the company can see. (We see that all the time, by the way). User360
is also a great tool for managing employee transitions out of the company or
between departments. And we've seen customers use it for forensics, to identify
how a breach may have occurred or proactively spot policy issues that could
expose data to unnecessary risk.
VMblog: And
has anything changed since we last spoke about what can we expect to see from Concentric
later this year?
Lucas: We introduced some new
activity-based analysis capabilities late last year and that's an area where
you'll see more exciting work from our team. It's all about giving customers
more and better lenses into their data so they can get the insights they need.
We're also continuing our work on expert recommendations and remediation
options that will empower IT professionals.
VMblog: It has been great speaking with you, Scott.
Anything you want to add or leave our readers with before we wrap up?
Lucas: We've recently added a new risk assessment report to our
product portfolio. For customers who just want a snapshot of their data,
Concentric will scan what they have and deliver a report with access governance
recommendations and a risk analysis. For companies who need immediate help with
a data access audit or who could benefit from some deeper insights as they
develop their security strategies, it's a great option.
##