point
The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.

April - 2009 - issue > Company Spotlight

MENTIS Software Answering the What, Where, How, & Who of Sensitive Data

Jayakishore Bayadi
Wednesday, April 1, 2009
Jayakishore Bayadi
When a major American public company decided to do more to protect the personally identifiable information (PII – name, address, Social Security number & driver’s license number) of its customers, their Head of Financial and HR Systems turned to MENTIS Software.

The executive described the problem: “We hear about data breaches every day. Not wanting to be a negative headline is an obvious motivator, but doing what’s right to protect the information of our customers and employees is our driving force. To adequately protect this information, we first needed a comprehensive map of all of the locations of PII data across all our enterprise databases. We looked to MENTIS because this critical capability was built into their Framework, which is shared by all their solutions.”

The company used MENTIS’ data classification capability to first document WHAT was sensitive to its organization. Next, they deployed the MENTIS data crawling and pattern recognition software to scan their databases to determine WHERE sensitive data was located across their databases. “MENTIS was able to document known locations of sensitive data as well as unknown locations – where sensitive data had been propagated through internal processes or through the efforts of tenacious application users – locations that our existing documentation had missed,” the executive explained.

Such experiences are common among MENTIS’ customers. The firm, which provides information security solutions for databases and applications, was founded in 2002 by Rajesh Parthasarathy. As a Chartered Accountant turned technologist, his skills include an ability to see the vulnerabilities in the information technology stack, often far in advance of current security trends. Parthasarathy and the MENTIS team have built a culture of innovation and thought leadership, which enables them to remain on the cutting edge of information security. “We keep coming back to one idea: that you have to know your risk, understand your exposure,” said Parthasarathy. “And we’re finding that sensitive data is literally everywhere in an organization’s systems.”

“Sensitive Data Creep,” Parthasarathy continued, “is what we call a phenomenon where sensitive data in databases is propagated into unknown and unexpected locations. In addition to the known fields and columns where PII is expected to be stored, we’re seeing that in fact very often it is also stored in description columns, attribute fields, log and debugging messages, etc. – areas that are intuitively not critical in the lay person’s eyes. Think of it as a behind-the-scenes movement and storage of data as a result of everyday use.”


Share on Twitter
Share on LinkedIn
Share on facebook