Analyst IDC Publishes Insight into Exonar’s Capability to Help Organisation’s Comply with GDPR
Exonar Probes Depths Where No GDPR Solution Has Gone Before June 19, 2017
By: Mark Child, Alex Proskura, Dominic Trott
IDC’s Quick Take
At InfoSec 2017 in London, Exonar briefed IDC on its innovative solution to the challenges of content discovery, classification, and management. Its proposition is built on open source technologies and utilizes advanced methodologies to overcome many of the hurdles faced by traditional DLP and eDiscovery solutions. Exonar’s solution enables companies to get to grips not just with GDPR, but with a much broader set of challenges.
Exonar’s demo focused on its data discovery, management, and compliance solutions, highlighting high- level dashboard views, as well as tools and capabilities for users to drill down and analyze any component of a company’s data assets. The vendor emphasized the importance of developing processes and mechanisms that ensure compliance is achieved by design and business risk is reduced in the long term.
IDC’s Point of View
Modern organizations face numerous challenges in terms of managing their systems and data. The current era of digital transformation and the shift to 3rd platform architectures are driving a need to focus on securing data rather than ensuring a secure perimeter or border; at the same time, the confluence of users and processes with data and systems means the human aspect and use cases are often as important as technology considerations. Data protection efforts are further complicated by the presence of data not only on a variety of devices, including mobile, but also in a variety of forms. Unstructured data, such as data in emails and office documents, presents a particular challenge. Compliance looms over all of this, with frameworks such as the forthcoming EU General Data Protection Regulation (GDPR) compelling organizations to address many of their data management challenges in the face of a hard schedule and concrete deadline.
Significantly for Exonar, the EU is not the only area where data compliance regulatory requirements are evolving. With markets such as China, Russia, and Singapore also setting out stronger guidelines, Exonar has the opportunity to address a much broader market than just its “home” region of Europe.
Exonar’s development arose from addressing specific needs in the defense and aerospace sectors. In trying to resolve its customers’ requirements, the vendor looked at the information assets component and at data loss prevention (DLP) solutions. However, it saw a key obstacle in that the solutions on the market typically could not understand what they were looking at. Contextual understanding was a challenge. Then it looked at ediscovery solutions to overcome these hurdles, but found major problems with scalability — a critical requirement in modern organizations ramping up to billions of files and documents. As a result, the company opted to develop its own solution and did so using a lot of open source components.
The Exonar solution is built on search technology (the appliance version might be described as “Google in a box”), supported by NoSQL, and is able to handle billions of documents. The solution makes use of machine learning (ML) for context identification; it is delivered to clients pre-trained, but it is further trainable; and it takes into account the document metadata, as well as the content.
Exonar’s solution uses natural language processing for contextual awareness; in other words, it not only looks for specific terms but also the language and structure around them. The language and structure tend to be fairly consistent in many document types (NDAs, CVs, purchase orders, etc.). The solution then creates rules around the location of the file and can make files available only to specific groups, such as HR and finance. It may be described as working on a principle of master data aggregation rather than management.
When it comes to deployment, Exonar’s solution is available on premises as an appliance and hosted in the cloud; it can even be consumed as a managed service. A portable version is also available, although, to date, the on-premises version and the MSP offering provide the most robust functionality. And, as the vendor looks to broaden its reach, it is now opening up its APIs to allow other systems to communicate with it. One of the API integrations that may bring significant benefit is the integration of Exonar with existing document management and email solutions, which could help remediate some of the traditional data protection risks.
Who Needs It?
Exonar reports that its customers come from across the market spectrum — finance, local government, travel and transport, law, and telecommunications. Although the largest portion of Exonar’s customer base is in the U.K., the vendor is fielding more and more inbound enquiries from abroad and is in negotiations with partners in the U.S. and in the Nordics to help manage its expansion. Regarding the drivers of adoption, becoming GDPR compliant is, perhaps unsurprisingly, the number-one reason (by a considerable margin) that organizations are seeking out Exonar. However, as important as cybersecurity is, it comes a distant second to making sure companies do not fall foul of privacy regulators. Exonar has published a white paper on data management and getting to grips with GDPR, which is available here.
Exonar’s solution addresses many of the challenges around data management — such as discovering hidden data and dealing with data at the speed it is created — and has emerged at a time when the need has never been greater, with GDPR coming into force in less than a year. The volume of inbound enquiries Exonar is receiving from beyond its core market is testament to the current market need for such a solution and points to rapid expansion over the coming months. Beyond compliance, the solution clearly has tremendous potential from a business enablement and efficiency perspective — drivers that should fuel even further expansion.
©2017 IDC #lcCEMA42801817 3
Find your data. Deal with its legitimacy. And put the controls and monitoring in place.