Data security firm PKWARE has acquired Dataguise this week in a play to better protect sensitive customer information around the globe, and to stay in compliance with the increasingly fragmented privacy regulatory landscape.
PKWARE, based in Milwaukee, Wis., sells encryption, data discovery, key management and data security automation services to customers in the healthcare, financial services and banking sectors. They’ve also received at least $6.7 million in federal contracting revenue since 2005, according to data from GovTribe. Almost half of that amount came from the Defense Information Systems Agency, which manages and oversees the information and communication networks at the Department of Defense.
Dataguise also offers a range of data protection services, but they specialize in security compliance intelligence for sensitive data stored in the cloud or traditional repositories. This is a differentiator that could be a gamechanger, when you consider the number of data security laws popping up in U.S. states and other countries, and the disparate or conflicting compliance obligations tied to storage of customer information across borders. Brandon Muirhead – director of Thompson Street Capital Partners, which owns PKWARE – said pairing Dataguise’s intelligence and tech was directly tied to meeting those needs.
Terms for the acquisition were not disclosed. SC Media has reached out to PKWARE and Thompson Street Capital Partners for more details.
Companies often map their data operations to stay in compliance with security and privacy laws, but that is becoming increasingly difficult. The European Union, India, China, Russia and individual U.S. states like California have established their own legal standards for how to handle sensitive data. At the same time those laws are being passed, industries have been making a widespread move to push much of their data and systems into the cloud or leveraging third party cloud providers who operate data centers around the world.
However, Tee Patel, co-founder at Iron Oak Security, told SC Media at a recent cloud eSummit that cloud providers are themselves struggling to deal with the same web of compliance laws.
“Your client base is global, so you could have cross-interstate clients accessing resources in [different] states, so it increases the complexity of your regulations statewide, nationwide,” the more countries you do business in, said Patel.
One way for companies to simplify that process and still take advantage of cloud services could be by refocusing compliance guidance by industry. The health care sector, for example, has created its own data security and privacy certifications with groups like the Health Information Trust Alliance. Rather than following the broader standard security and privacy policies established by cloud providers, companies can set up their own industry-specific guides and certification programs to navigate the most relevant laws in their space.
“A lot of cloud providers are agnostic in terms of their client base, irrespective if you work in financial, government healthcare,” said Patel. “Whatever sector it is, ultimately each sector has their own compliance frameworks…if you’re a health provider or insurance provider using a cloud service, you need to have assurance that they have control of their data in terms of the hosting and meeting obligations in terms of reporting back their assurance and compliance initiatives.”