Cloud Migration Privacy: 3-Wk Assessment.

How well are you complying with your policies for managing and securing Personal Data, PII, and PCI? To complete a successful and compliant migration of documents or data to Azure cloud storage accounts, you need to understand and record the personal data that is being uploaded, or strip the personal data out prior to migration. Using our Insight Engine discovery platform, we perform a full scan of text-based documents in one location to show you the prevalence of Personal Data, PII, and PCI in that location, plus its exposure to your employees. Your workforce gets full interactive use of our compliance dashboard and discovery tool for six days. At the end of the process, we provide a report and run a workshop to help you define and fully understand your remediation options, and the impact that any data present might have on the migration to Azure Storage Accounts, Azure database technology or Microsoft 365. Options might include selective deletion, anonymisation, labelling, retention or alternative migration of personal data to ensure good governance and compliance of that data. This allows you to protect it, inform data subjects of its location and service Subject Rights requests. In doing this, you can speed up your adoption of cloud storage and can integrate with Azure Information Protection labelling to properly protect information once it has been moved to the cloud. In the 2 weeks prior to the audit, you will be provided with the specifications for the required infrastructure and will carry out your change approval activities and commission the infrastructure required to support the discovery tooling. You will need to provide us with the required access to your environments. This could be VPN, remote desktop, or you could ship us a laptop. Once we kick off, we follow the detailed agenda below.

Agenda

Day 1 Architecture Workshop – here we discuss access to the service, integration with your security services for authorization, and access control. We identify and scale the source for the content to be indexed and analysed. We write up the architecture in our standard format and provide this for you as reference material.

Day 2 Personal Data & PII workshop – we run you through a standard set of options for reducing false positives in our PII and Personal Data detection process. We write up the requirements.

Day 3 Deploy our Insight Engine and associated services.

Day 4 Configure the detection rules.

Day 5 – 8 Crawling / discovery of the source information and enrichment with metadata according to the standard detection rules.

Day 9 – 14 Hands on overview of the Compliance App user interface and reporting. Free access to the app for your compliance users with phone support. Export PDF and Excel Reports.

Day 15 Report Playback. We explain where your risk lies, the scale of the risk and the remediation options available. Final report extract and service shut-down.