Informatica Data Privacy Management – Sensitive Data Discovery

Informatica Data Privacy Management (see Figure 1) is a solution for enterprise-spanning data privacy, governance and security. Among other things, it offers sensitive data discovery and classification in order to understand how your sensitive data moves around your organisation, where it is geographically located, who owns it, and which people and processes access it. In short, to manage privacy and security risks within a comprehensive, integrated solution.

The product sits within Informatica’s broader data management platform, the Informatica Data Management Cloud, and accordingly shares common metadata, AI and connectivity layers with a range of other Informatica products, including other governance-focused offerings such as Enterprise Data Catalog, Axon Data Governance and Cloud Data Masking. Notably, the platform uses a single data intelligence scan to facilitate data discovery, cataloguing, quality and automation, enabled by CLAIRE, the platform’s AI layer.

Connectivity in general is broad, extending to relational databases in the cloud or on-premises, NoSQL data sources such as MongoDB and Cassandra, applications like Salesforce and SAP S4/HANA, cloud platforms including AWS, Azure and Google Cloud, as well as various file systems and ETL processes. In total, over 100 connectors are provided.

Customer Quotes

“With Informatica, we know we can trust our data and protect sensitive information whether it’s on-premises or in the cloud. That’s critical as we continue our AWS and data modernization journey.”
Aravind “Jag” Jagannathan,
Vice President and Chief Data Officer at Freddie Mac

Mutable Award: Gold 2022

Informatica’s approach is to first enable you to create actionable data privacy policies. Then, you discover and classify your sensitive data, analyse the risk posed by it in order to determine and prioritise further actions (most likely including masking or other anonymisation methods), carry out those actions, and track and report on all of the above. You’ll also uncover and map “identities” to your data as part of the discovery process that can be used to build a registry of data subjects and thereby respond expediently to rights and consent requests. The results of your discovery process (among other things) is presented in a data privacy dashboard.

The product’s facilities for discovering sensitive data, which can be run against samples of the data if required, are extensive, and can be automated using machine learning and AI. You can pattern match on the metadata (using either regular expressions or a data dictionary) and you can introspect SQL – both SQL queries and any SQL used for data movement purposes – though not stored procedures. Unstructured data is supported via NLP (Natural Language Processing) followed by the same sort of pattern matching.

Data is examined in its context, meaning that data that is only contextually identifying (which is to say, when combined with other information) will still be flagged. Proximity matching – in other words, distance constraints – can be used (for example, post code needs to be near city name) and you can define white (always sensitive) and black (never sensitive) lists. CLAIRE will make automated recommendations about what should be in these lists.

For unstructured data the product uses AI to look for parts of speech and otherwise relies heavily on the use of reference data. When potentially sensitive data is discovered, your system will either automatically agree that it is or is not sensitive, or decide that it needs human validation, according to configurable confidence thresholds. Discovery can also be actioned on images and documents (PDFs, for example) via optical character recognition, as well as compressed files and Outlook 365 emails (including attachments).

As mentioned, identity mapping supports rights requests, such as locating all of a given customer’s data. The product uses fuzzy matching to facilitate this, and it ships with various pre-built classification policies such as PCI, GDPR and so forth. This is augmented by out-of-the-box domain support (name, email address and so forth) as well as a handful of response templates for rights requests.

Finally, we should mention risk scoring. In addition to providing risk analytics and key performance indicators, including proliferation and user activity analysis on sensitive data, there is also risk simulation planning. This allows you to see the impact of using different approaches to protecting your sensitive data. Policy-driven alerting is also included, and can be used with sensitive data. Likewise for automated workflows.

Informatica is well-known as a market leader in the data management space, and has strong credentials in that regard. This certainly shows in its Data Privacy Management product, which offers a broad suite of capabilities that only get broader when you consider it as part of the company’s overall portfolio. This breadth is always an advantage, but sensitive data discovery particularly benefits because of how much it works in concert with other technologies – masking, policy management, and so on – to achieve the desired outcome of protecting your sensitive data and achieving regulatory compliance. We particularly like its support for managing identities, which makes a lot sense within the context of GDPR, CCPA and similar regulations.

Moreover, Informatica is a proponent of the idea (and in this case we wholeheartedly agree) that data privacy can be about more than just compliance. Rather, you can derive real business value from your privacy efforts. For sensitive data discovery, you can make headway in terms of the visibility and accessibility of your data, thus generating significant quantities of actionable data intelligence: recall that Informatica does not scan for sensitive data particularly, but rather for data intelligence generally. In turn, this can be used to examine and improve data quality, enable analytics, and so on.

The Bottom Line

Informatica offers a catch-all, value-oriented proposition for data privacy in general, and for sensitive data discovery in particular, that we find very appealing. It is well worth adding to your shortlist.