BlueXP is now NetApp Console
Monitor and run hybrid cloud data services
More data than ever before is being generated and stored by your organization. The form varies. It's structured and unstructured. It's made up of business and non-business data, personal data that's regulated like PII and sensitive data. Plus, it's private company data like financial and legal data and intellectual property. The data sources vary. It's in your NetApp storage. It's in non-NetApp storage. It's in SMB shares, NFS shares, S3 buckets. It's in Office 365, SharePoint, and OneDrive. And the location varies. It's on-prem. It's in the cloud. It's in multiple clouds. Basically, it's in all of these places, creating a cluttered mess and a headache for anyone needing to organize, protect, and report out on this data like you may be required to do by law.
So, how do you solve this? How do you know what kind of data you have, where it's located, and who can access it across this heterogeneous environment? How can you help your organization comply with regulations to protect it? Well, BlueXP classification powered by Data Sense was designed to address this exact challenge. Today, I want to show you specifically how it can help you efficiently comply with requirements defined by GDPR, CCPA, and PCI DSS. So, let's take a look.
All right, so let's get started with the demo. So I'm in the BlueXP control plane right now, and as you can see, I'm in the canvas. So first we want to, uh, navigate to governance and classification, where we'll get access to Data Sense. Data Sense uses advanced AI content and context analysis to automatically identify and categorize data according to regulations. And through this single pane of glass, you can see and manage your entire data footprint. So for compliance use cases, we're going to go to the compliance dashboard, and this focuses on compliance-related data. So things like personal identifiable information.
Um, and this is information that refers to an individual. So things like credit card numbers, passwords, identification numbers, email, IP address. Um, but in this dashboard we can also see sensitive personal results, and this is information like ethnicity or health information or religious belief preferences.
In this short demo I'm going to focus just on two examples. First, identifying and protecting payment card data to comply with the Payment Card Industry Data Security Standard, or PCI DSS, and second, identifying and reporting data to comply with data subject access requests. So, let's get started.
Now, let's say you're a merchant or a financial institution, or really you're any organization that may have an individual's credit card information stored. Requirement three of the PCI DSS is to protect stored cardholder data. So, you must not permit any unauthorized people to access stored cardholder data, and you should not store cardholder data unless there's a legitimate business need. Let's first start by identifying how many files across all of our working environments have credit card information in them. So, we see here that there are 400 items, and we could click here to start an investigation. And here we can see all of the files that have credit card information in our organization.
And the first thing that we want to know is if any of the stored cardholder data is overexposed, meaning that it's open to all of the organization or to the public and may be accessed by unauthorized people. So first I'm going to look for open permissions. I'm going to click open to the organization. And I can see here that it does find that we have files that are open to the entire organization. We have nine of them. So this could be a problem.
If we look into the details of this file, we can see that this is indeed open to the entire organization. And it also has six duplicates. You know, the duplicates make it really hard to be compliant with regulations because now you have six duplicates of this potentially spread across multiple data stores, and some may be outside of the required secured location. So if we look at the duplicates here, we can see that we have some spread across our Cloud Volumes ONTAP environment and some in our Azure NetApp Files environments. We could also click here to get the specific details of the personal data that's found in this file. And we can see here that we do have one piece of credit card information. So we do want to take action on this to fix the exposure.
So we want to start, though, by looking at which working environments house this data. If certain sources have a greater concentration of this data, then that's where we want to begin our remediation efforts. So if we go down to working environment, we can see that there are a number of different working environments that contain this data. And if we filter here, we can see in this environment we have two items. Here we have two more. And then there's our six. So, this is where I'm going to want to focus my remediation efforts.
Before I take any remediation action, however, I want to check to see if any of this data is being accessed or modified. And then when I'm finished with that investigation, I can take a few different actions. I can assign to somebody else in my organization. I can label files. I can move them. I could copy them or delete them. But let's first continue our investigation and look at when the files were last modified. So, we'll scroll down here and I can filter here to look for files that haven't been modified in, say, for example, a year. So, I'm going to select this and this.
And I find four items that were last modified between 1 and 5 years ago. But usually if you're going to take an action like, say, deleting files, you want to do it based on last accessed because you may have apps or processes that just open the file and read it without modifying it. So you don't want to delete those. So you're going to come down to last access and filter instead on when the data was last used. So I'll look for files that haven't been accessed in, say, over 6 months. You'll see there are limited time options here, and that's because the system automatically filters the other periods according to the results. So we only see the dates that refer to our data set.
Now we see two items that contain credit card info that's open to the entire org and haven't been accessed in the last 6 months. So we can now take action to delete or move them or assign them to somebody else for action. So I can select them all or individually and then come over here to move, copy, or delete. You'll see that my role doesn't have permission to take these actions, but I can assign this to somebody else in my org who does have the right permissions and can take the appropriate action.
I could also come down here and set a policy from this search that says, for example, any data files with credit card information in it that's open to the entire org and hasn't been accessed in, say, 6 months should be automatically deleted. So by creating this policy right here from this search, I don't need to redefine the what-if scenarios every time. So it's very straightforward and direct. Um, there are also built-in policies too that I can edit and use to meet my needs. The other thing I can do is come here and create a report to share with, say, the compliance manager or data owner to show them the most crucial problems that need to be addressed.
The other important thing to look at when it comes to credit cards is the number of identifiers. So, this will show you files that contain many different credit card numbers in them. So if we go back to our credit cards, we could now filter on number of identifiers, and if we select thousand1, for example, this will find files that contain over a thousand credit card numbers in them. So we see we have one file, which means that somebody in the org is holding a database of credit cards that could be a huge potential problem. So we can look at the information to see where it's located and if it's exposed and, you know, other parameters to make sure that we can take the appropriate actions to ensure that it's protected.
The next thing I want to show you is how to create a data subject access request report to comply with regulations like CCPA and GDPR. A data subject access request, or DSAR, is a request made to your org by an individual for access to information about the personal data you're collecting and storing about them. The DSAR can then be used to request that their personal data be deleted. So you need the ability to gather this data quickly and report it back to the individual requesting it. You also need the ability to delete the personal data if it's requested. With Data Sense, this report takes seconds. And without it, generating this report is a manual process that can take months. All you need to do to generate the DSAR report is enter the subject's name or a known identifier, such as an email address, and it identifies all records with the subject's name. So, you have two options then.
You could either download the report, which can then be provided to the subject, or you can investigate the results, where not only can you see all of the results but then you could get more info like when they were last accessed, and then this is where you could also take action like delete the records if they're no longer needed and/or if the subject requests it.
So, I had time for just two examples in this demo, but Data Sense can do more in addition to this when it comes to regulatory compliance and even outside of regulatory compliance use cases, such as helping you clean your data before a cloud migration or reducing your storage footprint for cost optimization or helping you improve your security posture and prevent data leakage. There are lots of ways for you to learn more. You can get more product detail or sign up for a free trial or contact our experts to learn about our data discovery assessment service that can highlight current risks and provide insights and prioritize recommendations to fix them. Get in touch with us at netapp.com/bluexp.
Learn how you can use NetApp BlueXP classification to more easily and efficiently manage your data in order to comply with requirements defined by GDPR, CCPA, and PCI DSS.