I recently had a chance to sit down with Dave Marshall over at VMBlog to talk Concentric and our most recent product launch. Our interview originally appeared here. Thanks Dave for the chance to share the Concentric story!
VMblog: It has been a few months since our last interview. Can you please tell me how 2020 wrapped up for Concentric, and how things have been going?
Concentric came out of stealth just a few weeks before the first COVID lockdown. As I drove home from work for what would turn out to the be the last time in 2020, I admit I was worried about how we’d weather the pandemic.
But it turned out to be a pretty good year for us. We managed to land some great customers and release a number of exciting new product capabilities. Of course, there’s no telling how things would have been different without the pandemic, but we’re heading into 2021 with our code protecting tens of millions of documents and our engineering team at full steam.
VMblog: Tell me about this new solution you launched last month with a user-oriented view into data risks.
Our product’s called Semantic Intelligence, and it’s an AI-powered data access governance and risk management solution. We autonomously find business-critical data and assess it for risk. We provide a few different “lenses” for looking at your data. One of those lenses, for example, highlights personally identifiable information (PII), which is huge if you’re dealing with compliance regulations.
Our new User360 capability is another lens that shows data from a user-centric point of view. That gives the IT team a simple way to see the data footprint for a specific individual. You can, for example, spot files that a user doesn’t normally have access to, or identify specific files owned by the user that aren’t adequately secured. That makes it easy, for example, to maintain security hygiene for key employees who might have access to a number of high-value files or to monitor if an equity trader has access to documents with insider information.
VMblog: And you also added structured data protection as a new capability, is that right?
We did. Compliance and data protection are the goals, but the tactics you’ll use for millions of end-user files versus the millions of records in your databases are quite different. Few databases were designed with privacy in mind and database designs often predate modern privacy regulations. Sensitive information is often scattered across different databases, in different tables and in different fields. Sometimes PII is duplicated across tables or databases. Finding it all can be tougher than you might think.
We leveraged our foundational data analysis technology to make the process autonomous and accurate. Now our customers can evaluate risk and review access from a single tool. The solution’s in production at a few customers already and we’re seeing lots of interest in the market.
VMblog: Aren’t there already plenty of solutions out there already offering risk analysis and data protection for structured data?
Structured data is, by definition, data that’s in a database. IT professionals have, of course, committed substantial resources to database security. But a glance at the news shows data loss is still an everyday occurrence.
Database protection is a microcosm of defense-in-depth, and some of DiD layers are more mature than others in the database world. As regulatory mandates get stricter and focus shifts to privacy protection, our customers told us they need more comprehensive PII analysis and assessment that spans structured and unstructured resources.
That’s what we’ve focused on, and we’re in a great position to do it. We started with the harder unstructured data problem and now we’re uniquely positioned to provide PII assessment and access governance across all data in an enterprise.
VMblog: Are you still using artificial intelligence in your solution to power these newly launched functions for on-premises and cloud data repositories? Specifically, how is AI being leveraged?
We remain very focused on AI because it’s really the only way to dig deep into the details of data at any reasonable scale. Both User360 and our new structured data capabilities extend our natural language processing and risk analysis expertise. And both work on-premises and in the cloud.
VMblog: What are some of the key benefits organizations can realize with these new capabilities?
Concentric’s gives IT teams leverage by giving them more capacity and expertise. Capacity’s important because the amount of enterprise data’s exploding. There’s just no way to keep tabs on millions of data elements by hand. Automation is an absolute necessity.
But once you start getting into the nuts and bolts of IT automation, you soon discover you need expertise to make it work. Let me give you an example. A typical enterprise has a number of specialized functions, like the legal department and the engineering team. Specialized teams create specialized content, like contracts or source code files. An IT organization charged with protecting data first has to understand what they’re looking at, and that’s not realistic given the complexity of a modern enterprise. So that’s the second thing we provide: an expert system capable of understanding data across the functional spectrum.
VMblog: Can you describe a typical customer for this new solution? What are they trying to accomplish?
Many of our customers are focused on PII and privacy protection, and for them Concentric is a great timesaver. They don’t have to switch between tools to get the complete picture they need to manage data privacy. Increasingly it’s not just the usual suspects in regulated industries (like healthcare), but also organizations who want to avoid customer data loss and the reputational damage that can cause.
Our User360 customers are finding lots of ways to use the feature. Some are watching high-privilege accounts to be sure they’re following good access control practices. Executives, for example, have access to sensitive documents but they make mistakes just like the rest of us. With User360, we can easily spot access control mistakes these high-risk individuals might make, like storing sensitive info in folders that everyone in the company can see. (We see that all the time, by the way). User360 is also a great tool for managing employee transitions out of the company or between departments. And we’ve seen customers use it for forensics, to identify how a breach may have occurred or proactively spot policy issues that could expose data to unnecessary risk.
VMblog: And has anything changed since we last spoke about what can we expect to see from Concentric later this year?
We introduced some new activity-based analysis capabilities late last year and that’s an area where you’ll see more exciting work from our team. It’s all about giving customers more and better lenses into their data so they can get the insights they need. We’re also continuing our work on expert recommendations and remediation options that will empower IT professionals.
VMblog: It has been great speaking with you, Scott. Anything you want to add or leave our readers with before we wrap up?
We’ve recently added a new risk assessment report to our product portfolio. For customers who just want a snapshot of their data, Concentric will scan what they have and deliver a report with access governance recommendations and a risk analysis. For companies who need immediate help with a data access audit or who could benefit from some deeper insights as they develop their security strategies, it’s a great option.