skip to main content

Ovum view

Summary

With its summer 2018 launch, Informatica made key announcements related to master data management (MDM), Intelligent Cloud Services, and data privacy and protection product functionality. For organizations that are struggling with GDPR compliance and related data protection regulations, the most notable of these announcements are Informatica's new capabilities around identity mapping, particularly the new Subject Registry. By taking an identity-centric approach to data privacy and data protection, Informatica is addressing compliance requirements in a way that reflects the core objectives of the regulations themselves. Because the General Data Protection Regulation and similar regulations emphasize the rights and freedoms of the individual, technological capabilities for compliance need to be focused on defining personal identity and mapping data accordingly to digital personas.

Identity mapping capabilities meet modern compliance needs

Security is the protection of data; privacy is the protection of the individual. So while security is a fundamental tool for achieving privacy, it is not sufficient. The enterprise then is faced with a practical problem in implementing data privacy measures and controls; "privacy" itself has a nebulous definition, varying based on regional laws and cultural standards. Identity is what provides a critical, functional link between the technical concept of security and softer concept of privacy. The definition of identity is concrete: practically all actions can ultimately be attributed to individuals or things. To make privacy policy actionable and obtainable, identity must be attributed and consequently managed. Modern data protection and privacy regulations around the world, such as GDPR, have recognized this and place emphasis on the management of data as it pertains to individual identities.

Informatica's summer 2018 release has introduced new capabilities that address this reality and allow the enterprise to specifically map identities rather than searching and managing data based on region or other identity-linked proxies and attributes. Essential to this ability is the new Subject Registry, a centralized interface for the management of identities. Named for the focus on data subjects (rather than topical subjects), Subject Registry consolidates control of data subject identity. The Subject Registry provides the enterprise with a single portal to discover the location of identity-linked information across data silos – cloud, hybrid, on-premises – and resolve individual identities and their relationships. Because the Subject Registry makes it possible to understand sensitive data based on individual identities, intelligence can be provided on various data attributes: location, protection status, and calculated risk level. The identity-centric approach enables the critical ability to fulfill data subject requests; when an individual invokes the right to data erasure or data access, the enterprise can now easily locate all data associated with that persona, regardless of where the data resides in the distributed IT ecosystem. While the Subject Registry has immediate applications for GDPR compliance, its functionality and design are ideal for meeting the needs of any data protection regulation that places emphasis on the rights of the individual.

The new identity capabilities in the Informatica summer 2018 release are part of the [email protected] product offering, and identity indexing is available out of the box. Informatica's decision to package identity mapping capabilities with [email protected] is both a strategic and practical one; once the enterprise defines identities and associates all sensitive data with individual personas, the next step for regulatory compliance is to ensure that the personal data has the correct technical controls and protective policies applied to it. [email protected] provides powerful data remediation capabilities: masking, encryption, and orchestration of Apache Sentry and Apache Ranger can all be enacted via the product once data has been identified. The environment allows the enterprise to not only find and associate relevant data with the correct identities, but then transition seamlessly to applying policy and protective controls to that data without toggling between products.

Informatica's choice of branding for the Subject Registry potentially lends itself to ambiguity; "subject" carries multiple information management connotations, and the capabilities for managing data subject identity may not be immediately apparent from the product name alone. However, the underlying identity mapping capabilities fill an important gap that existed in Informatica's functionality. Previously, the enterprise leveraging Informatica had to search for personal data based on various attributes linked to identity; identity could not be natively defined or mapped. With the new identity capabilities, Informatica provides a centralized way for the enterprise to meet compliance requirements and fulfill data subject rights amid an increasingly diverse IT ecosystem of distributed silos and repositories.

Appendix

Further reading

Aligning GDPR Compliance with Existing Business Objectives, INT002-000164 (August 2018)

"Identity is the missing link between privacy and security," IT0014-003238 (February 2017)

"Informatica further strengthens its compliance stance with AI," INT002-000129 (June 2018)

Author

Paige Bartley, Senior Analyst, Data and Enterprise Intelligence

[email protected]