Why Telemetry Pipelines Should Be A Part Of Your Compliance Strategy

4 MIN READ
April Yep

6.5.24

April has several years of experience in the observability space, leading back to the days when it was called APM, DevOps, or infrastructure monitoring. April is a Senior Product Marketing Manager at Mezmo and loves cats and tea.

In 2023, global regulatory fines exceeded a colossal $10.5bn. It is not an isolated story. For the past few years, data, privacy, and industry-specific regulations have been getting stricter, enforcement has become more rigorous, and non-compliance fines are going through the roof. Just look at this list on CSO Online of the biggest data breaches and the subsequent fines that companies like Meta, Amazon, and Equifax have faced in recent history. This situation has driven organizations to look at all possible areas for visibility into data and ways to apply control.

Telemetry data is one such area: logs, events, and metrics need to be monitored for sensitive data and privacy violations. Telemetry pipelines provide you with a complete view and control of your telemetry data to help achieve continued compliance.

Quick Refresher: What are telemetry pipelines?

Telemetry pipelines help manage the collection, processing, enrichment, transformation, and routing of telemetry data from various sources to destinations such as analytics platforms. The key benefits of telemetry pipelines include troubleshooting, system performance improvement, and enhanced security.

From the compliance perspective, telemetry pipelines offer an opportunity to enforce compliance rules while you explore, process, and control the flow of telemetry data.  

True Story: How a data management company delivered compliance with telemetry pipelines

A large data management company powers innovative solutions for healthcare, financial services, pharma, retail, and many more verticals. One of their financial services customers wanted to ensure that their telemetry data did not contain personally identifiable information (PII).

Now, PII is very tricky. According to the National Institute of Standards and Technology (NIST), PII is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. This definition covers a wide spectrum of information, including biometric data and geographical indicators. The challenge is that most modern digital activities contain PII in one form or another. 

Telemetry data like logs or events often include email addresses, IP addresses, device IDs, or location data, which fall under PII. The financial services customer needed to identify and mask such information to ensure compliant use of data. 

  • The Challenge: Ensure there is no PII in their telemetry data, especially in logs.
  • The Solution: The data management company used Mezmo Edge to route the customer's log data through telemetry pipelines and then to the log analytics tool. Mezmo Edge takes a secure approach to data protection and enables the deployment of telemetry pipelines in the organization's own environment. Specifically designed for compliance, it enabled the customer to discover and mask PII in their log data before directing it to the log analytics tool.
  • The Result: The data management company was able to filter and redact PII from telemetry data, enabling the customer to meet compliance requirements. As Mezmo Edge also offers log data reduction capability, data volume reduction by 60% was an added bonus!

How you can reduce the risk of non-compliance with Mezmo

Under the GDPR, organizations can be subject to fines of up to €20 million, or 4% of the firm’s worldwide annual revenue, whichever is higher. HIPAA imposes non-compliance fines up to $2 million, and other regulations also have a detailed framework for fines and penalties. Besides monetary loss and legal actions, regulation violations also affect reputation, customer trust, and employee confidence.

Storage, use, and exposure of PII can become a huge liability if not managed early. This risk is not easy to mitigate, considering the growing number of channels through which PII can sneak in. For example, payment processing traces may include credit card information, e-commerce transaction logs may contain login details, and most events capture IP addresses. PII in telemetry data can be useful in debugging, incident diagnosis, and troubleshooting. However, for security and compliance, you may need to filter and redact it. Gartner Research notes that with telemetry pipelines, masking of PII and other sensitive information can be managed centrally.

Mezmo's telemetry pipeline solutions can help you reduce the risk of non-compliance in your telemetry data. The Route Processor sends specific events to the Redact Processor and the Encrypt Processor before storage to obfuscate user IDs and credit card numbers. Using route, encrypt, and filter processors, you can reduce your telemetry data in transit and at rest, potentially filtering out or pseudonymizing personal information. Pseudonymization replaces PII with non-identifying data that can still be used to recognize a person.
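The redact-and-pseudonymize step described above, sketched in Python as an added example; it is not Mezmo's code or processor configuration. The function names, the `user_id=` field format, the demo key, and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: a real deployment loads this key from a secrets manager, not source.
PSEUDONYM_KEY = b"constructed-demo-key"
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
USER_RE = re.compile(r"\buser_id=(\S+)")            # hypothetical log field format
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order numbers and similar IDs are not mistaken for cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pseudonymize(value: str) -> str:
    """Keyed hash: the same input always yields the same token; needs the key to link back."""
    mac = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256)
    return "u_" + mac.hexdigest()[:16]

def _mask_card(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group())
    return "[REDACTED_CARD]" if luhn_ok(digits) else m.group()

def process(line: str) -> str:
    """Redact card numbers and emails, pseudonymize user IDs, pass the rest through."""
    line = CARD_RE.sub(_mask_card, line)
    line = EMAIL_RE.sub("[REDACTED_EMAIL]", line)
    return USER_RE.sub(lambda m: "user_id=" + pseudonymize(m.group(1)), line)

# Constructed sample events (4111 1111 1111 1111 is a widely used test card number).
SAMPLE = [
    "2024-06-05T10:00:01Z payment ok user_id=alice card=4111 1111 1111 1111",
    "2024-06-05T10:00:02Z login failed user_id=alice email=alice@example.com",
    "2024-06-05T10:00:03Z order 1234567890123456 shipped user_id=bob",
]

if __name__ == "__main__":
    for event in SAMPLE:
        print(process(event))
```

Because the user ID token is a keyed hash rather than a random value, events from the same user still correlate for debugging, while the 16-digit order number in the third event fails the Luhn check and is left intact.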

You can leverage telemetry pipelines not only to improve your operational efficiency and reduce costs, but also to ensure you meet compliance obligations and mitigate security risks. Mezmo has customized solutions for a number of regulations. Discover today how Mezmo can help you meet your risk and compliance requirements. Request a demo today.