skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

With its summer 2018 launch, Informatica made key announcements related to master data management (MDM), Intelligent Cloud Services, and data privacy and protection product functionality. For organizations that are struggling with GDPR compliance and related data protection regulations, the most notable of these announcements are Informatica's new capabilities around identity mapping, particularly the new Subject Registry. By taking an identity-centric approach to data privacy and data protection, Informatica is addressing compliance requirements in a way that reflects the core objectives of the regulations themselves. Because the General Data Protection Regulation and similar regulations emphasize the rights and freedoms of the individual, technological capabilities for compliance need to be focused on defining personal identity and mapping data accordingly to digital personas.

Identity mapping capabilities meet modern compliance needs

Security is the protection of data; privacy is the protection of the individual. So while security is a fundamental tool for achieving privacy, it is not sufficient. The enterprise then is faced with a practical problem in implementing data privacy measures and controls; "privacy" itself has a nebulous definition, varying based on regional laws and cultural standards. Identity is what provides a critical, functional link between the technical concept of security and softer concept of privacy. The definition of identity is concrete: practically all actions can ultimately be attributed to individuals or things. To make privacy policy actionable and obtainable, identity must be attributed and consequently managed. Modern data protection and privacy regulations around the world, such as GDPR, have recognized this and place emphasis on the management of data as it pertains to individual identities.

Informatica's summer 2018 release has introduced new capabilities that address this reality and allow the enterprise to specifically map identities rather than searching and managing data based on region or other identity-linked proxies and attributes. Essential to this ability is the new Subject Registry, a centralized interface for the management of identities. Named for the focus on data subjects (rather than topical subjects), Subject Registry consolidates control of data subject identity. The Subject Registry provides the enterprise with a single portal to discover the location of identity-linked information across data silos – cloud, hybrid, on-premises – and resolve individual identities and their relationships. Because the Subject Registry makes it possible to understand sensitive data based on individual identities, intelligence can be provided on various data attributes: location, protection status, and calculated risk level. The identity-centric approach enables the critical ability to fulfill data subject requests; when an individual invokes the right to data erasure or data access, the enterprise can now easily locate all data associated with that persona, regardless of where the data resides in the distributed IT ecosystem. While the Subject Registry has immediate applications for GDPR compliance, its functionality and design are ideal for meeting the needs of any data protection regulation that places emphasis on the rights of the individual.

The new identity capabilities in the Informatica summer 2018 release are part of the Secure@Source product offering, and identity indexing is available out of the box. Informatica's decision to package identity mapping capabilities with Secure@Source is both a strategic and practical one; once the enterprise defines identities and associates all sensitive data with individual personas, the next step for regulatory compliance is to ensure that the personal data has the correct technical controls and protective policies applied to it. Secure@Source provides powerful data remediation capabilities: masking, encryption, and orchestration of Apache Sentry and Apache Ranger can all be enacted via the product once data has been identified. The environment allows the enterprise to not only find and associate relevant data with the correct identities, but then transition seamlessly to applying policy and protective controls to that data without toggling between products.

Informatica's choice of branding for the Subject Registry potentially lends itself to ambiguity; "subject" carries multiple information management connotations, and the capabilities for managing data subject identity may not be immediately apparent from the product name alone. However, the underlying identity mapping capabilities fill an important gap that existed in Informatica's functionality. Previously, the enterprise leveraging Informatica had to search for personal data based on various attributes linked to identity; identity could not be natively defined or mapped. With the new identity capabilities, Informatica provides a centralized way for the enterprise to meet compliance requirements and fulfill data subject rights amid an increasingly diverse IT ecosystem of distributed silos and repositories.

Appendix

Further reading

Aligning GDPR Compliance with Existing Business Objectives, INT002-000164 (August 2018)

"Identity is the missing link between privacy and security," IT0014-003238 (February 2017)

"Informatica further strengthens its compliance stance with AI," INT002-000129 (June 2018)

Author

Paige Bartley, Senior Analyst, Data and Enterprise Intelligence

paige.bartley@ovum.com

Recommended Articles

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316


Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now