Discover, Classify, And Protect Data Assets With Teleskope

Guest: Lizzy Nammour (LinkedIn)
Company: Teleskope
Show: TFiR: T3M

Data is becoming harder and harder to secure and manage. Security, privacy, and data teams are hampered by manual, operational work and overhead. In this episode of TFiR: T3M, Co-Founder & CEO Lizzy Nammour talks about how Teleskope is helping to alleviate the major pain points of companies, particularly in the data security and privacy space.

Highlights of this video interview:

  • In the early days when on-prem data centers were the norm, engineers were not able to touch data because it was always guarded by database administrators. In the cloud-native world, anyone can create a data store, spin up a cluster and start storing and collecting and transmitting data with just a click of a button.
  • There are companies where anyone in the engineering team could create databases. Obviously, it would need approval, but sometimes the teams responsible for approvals are overloaded and things slip through the cracks. The company ends up not knowing what types of data its engineering team is starting to collect and store, whether that data includes personally identifiable information (PII), and where it is going. Sometimes, the data is sent to third parties.
  • The configurations in the cloud are pretty abstract, so it’s hard to know what you’re doing when you change some configuration that might leave the data open to the world. Then, there’s access control. At most companies, access is granted, but almost never revoked. If a team no longer needs access to the data, oftentimes, their access is still there, even though it’s not needed.
  • Companies are collecting a lot more data. It is common practice to have terabytes, if not petabytes, of data. A lot of that is useless, so it just sits there. More modern companies are now thinking about data minimization.
  • Teleskope connects to its customers’ cloud accounts (AWS, GCP, Snowflake, Azure), automatically does an inventory of all the data that exists there, and automatically classifies where they’re storing PII and who that data is about. Customers can then use the results and automate on top of them. One company is using the results to automatically mask sensitive customer data in Snowflake. Another is automating data deletion for compliance purposes.

Before building Teleskope, they interviewed 200 companies:

  • Many are still manually labeling data, manually pinpointing where they’re storing personal and sensitive data.
  • They have this spreadsheet that stores all the columns and all the tables that contain PII.
  • These present problems: 1) the manual work is awful, and 2) the spreadsheet gets outdated, leaving them at risk for non-compliance with privacy regulations and security breaches.
  • People complain about fatigue due to the amount of false positive notification alerts. They not only have to manually sift through those alerts, they have to take action manually as well.

How Teleskope helps companies:

  • It secures the data they’ve already collected.
  • It provides an API that can classify and redact data before it gets stored. This best-in-class classification system identifies a piece of data it finds (e.g., address) and classifies it further (e.g., is it a customer’s address, public address, restaurant address, etc.).
  • It can be plugged into the code base to prevent 1) sensitive data from leaking into logs, 2) sensitive data from being collected and stored in a database, 3) users from sending sensitive data to one another, etc.
  • It allows teams to take Teleskope’s results and automate on top of them, instead of getting alerted.

Advice for companies looking to improve their data security strategy:

  • Instead of collecting as much data as you can in the name of “big data”, think about collecting the right data that’s actually going to improve your metrics.
  • The more data you have, the harder it is to secure because you can’t secure what you don’t understand. The first order of business is to gain an understanding of your data. What do you have? Where are you storing sensitive data? How secure is it?
  • Foster a culture of data security. You can write as many policies as you want in terms of how to handle data, but no one really reads those policies. They need to be integrated with the software development lifecycle.

This summary was written by Camille Gregory.