Data Privacy Takeaways from Gartner Security & Risk Summit
6.28.24
A couple of weeks back, I had the opportunity to participate in the Gartner Security and Risk Summit held in National Harbor, MD. While my colleague, April Yep, has already shared insights on the sessions she attended, this blog will delve into the emerging data privacy concerns and explore how telemetry pipelines can effectively tackle these challenges.
Two key drivers behind current privacy concerns are the adoption of Gen AI and increasing government regulations. Here are a few statistics that underscore these points:
Adoption of Gen AI
Gen AI was prominently featured at the Gartner Security & Risk Summit. According to Gartner:
- 93% of organizations are currently implementing or developing AI technologies.
- 80% of leaders have identified the leakage of sensitive data as a significant risk.
Once a model has been trained on leaked private data, the leakage cannot be undone; the only recourse is to delete the model and start anew.
Growing Regulations
Regulatory measures at both national and state levels are proliferating globally. Gartner reports:
- Such regulations have doubled from 67 in 2017 to 144 in 2021.
- These regulations encompass complex aspects such as data transfer, data residency requirements, and data localization policies.
Data leakage poses a significant risk and is top of mind for CISOs. How can organizations effectively address these challenges? According to Gartner, some of the key strategies being adopted include:
- Decoupling applications from data
- Implementing data localization
- Classifying and labeling data
However, the conference did not discuss how telemetry pipelines can help both observability and security teams adopt the above strategies.
How does Mezmo Telemetry Pipelines help with data privacy?
Before we talk about addressing data privacy challenges, let me briefly explain telemetry pipelines. A telemetry pipeline helps manage the collection, normalization, enrichment, transformation, and routing of telemetry data from source to destination. Data can be collected from any source, such as applications, servers, databases, devices, or industrial sensors. The pipeline processes this raw data by transforming it into a usable standard format and routing it to the appropriate destination(s), such as a security data lake or an analytics platform like a SIEM or XDR.
Pipelines help you decouple your data sources and destinations by providing a single control layer to parse, transform, route, and analyze the data. Most importantly, all of the processing outlined above is done “in-stream” before the data persists!
Redacting PII data
As outlined above, telemetry pipelines offer many capabilities to process the data in the stream, including the redaction of Personally Identifiable Information (PII) data. It is much more efficient and beneficial to redact sensitive data before it persists!
Redaction Processor:
Mezmo’s telemetry pipeline offers a Redaction processor to scan for, detect, and redact certain PII data, and to alert when it is detected. This approach allows customers to redact sensitive data before it is indexed by a SIEM.
The Mezmo redact processor provides an out-of-the-box solution for common patterns, as shown below. Additionally, Mezmo provides actions to replace, anonymize, or hash the value. Hashing is deterministic: the same IP address always maps to the same hash, keeping a one-to-one correspondence. You can still have the topological view without disclosing the actual IP address itself.
PII data can take many different forms, and one size doesn’t fit all use cases. For example, the Canadian and UK equivalents of the Social Security Number (SSN) are very different. With the Mezmo redact processor, customers define their own custom patterns using regular expressions matched across the whole message or specific fields. For example, the following shows how to detect a Canadian SIN using a customer-defined regex pattern. As you can see, customers can quickly validate their regex within the same tool.
You may be thinking that pipeline redaction feels like masking the underlying issue! Ideally, customers want to fix their source applications so that PII data is not sent in the first place. The Mezmo redact processor provides visibility into the PII in two different ways:
- Customers can collect metrics such as the number of detections of PII presence, the type of PII, and which applications are the sources of this data.
- Customers can search for logs with redacted information in their own target SIEM or Data Lake. The Mezmo pipeline provides the ability to add a field or tag to the original log so that it is searchable within the target system.
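The sketch below is an added illustration of in-stream redaction as described in this section, not Mezmo's code or configuration: it redacts Canadian SINs matched by a custom regex, replaces IP addresses with a deterministic token, tags each event, and counts detections per application. The function names, field names, key, and sample events are all assumptions made for the example; it uses a keyed HMAC rather than a bare hash because an unkeyed hash of an IPv4 address can be reversed by enumerating the address space.

```python
import hashlib
import hmac
import re
from collections import Counter

# Assumption: a secret key held by the pipeline. A keyed HMAC stays deterministic
# but, unlike a bare hash, cannot be reversed by enumerating the IPv4 space.
PSEUDONYM_KEY = b"constructed-demo-key"
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4_RE = re.compile(rf"\b(?:{OCTET}\.){{3}}{OCTET}\b")
# Canadian SIN: nine digits, optionally grouped 3-3-3 with spaces or hyphens.
SIN_RE = re.compile(r"\b\d{3}[- ]?\d{3}[- ]?\d{3}\b")

# Constructed sample events; 046 454 286 is a Luhn-valid test value.
SAMPLE_EVENTS = [
    {"app": "billing", "message": "refund for SIN 046 454 286 from 203.0.113.7"},
    {"app": "web", "message": "order 123456789 placed from 203.0.113.7"},
]

def luhn_ok(digits):
    """SINs carry a Luhn check digit; validating it cuts regex false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pseudonymize(ip):
    """Same IP always yields the same token, so topology survives redaction."""
    mac = hmac.new(PSEUDONYM_KEY, ip.encode(), hashlib.sha256).hexdigest()
    return "ip_" + mac[:16]

def redact_event(event, metrics):
    """Return a redacted copy of one event, tagged with the PII types found."""
    found = set()
    def sin_sub(m):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()  # nine digits but not a valid SIN: leave untouched
        found.add("ca_sin")
        return "[REDACTED:ca_sin]"
    def ip_sub(m):
        found.add("ipv4")
        return pseudonymize(m.group())
    # SINs first, so the hex token inserted for an IP is never rescanned.
    msg = IPV4_RE.sub(ip_sub, SIN_RE.sub(sin_sub, event["message"]))
    for kind in found:
        metrics[(event["app"], kind)] += 1  # which app leaks which PII type
    return {**event, "message": msg, "pii_redacted": sorted(found)}
```

The `pii_redacted` field plays the role of the searchable tag, and the `metrics` counter shows which source applications still emit PII and need fixing.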
Global data protection and privacy laws
Global privacy laws often include data sovereignty, localization, and residency provisions. These laws regulate how data can be collected, stored, used, and transferred, and they can vary significantly from one country to another.
A centralized solution is impossible as these laws change from country to country. You need a solution that can apply different sets of data controls based on location. Mezmo Edge is designed to address these requirements exactly.
Mezmo Edge
Mezmo Edge lets you run a telemetry data pipeline with the same functionality available in Mezmo Cloud but locally hosted within your own environment. This allows you to process the data locally before sending it to a central SIEM or security data lake. At the same time, you can centrally manage the Edge pipelines without affecting compliance with local privacy laws.
Conclusion
Mezmo's telemetry pipelines offer a comprehensive solution for organizations seeking to enhance data privacy and compliance efforts. By integrating advanced redaction capabilities, customizable pattern detection, and robust analysis features, Mezmo empowers organizations to proactively manage PII and other sensitive data, ensuring regulatory compliance and maintaining stakeholder trust.