How do small and medium-sized businesses make sure that the sensitive personal information and health data of their customers and employees is safe — and that it isn’t stored by mistake on services such as Dropbox, Microsoft’s OneDrive and Google Drive?
That’s the business problem that Seattle-based secure online sharing and collaboration tools provider Onehub is aiming to solve with the launch of its new Marshal data-loss-prevention online scanning tool.
Charles Mount, CEO of the 10-year-old, 20-person company, says the need has grown for a tool that helps companies scan files stored within online storage services — and that there was really no affordable solution to meet the need.
Marshal is a free, web-based service that works by allowing users to select the file storage service they want to scan, then specify the types of threats they want to scan for (current options allow Marshal to detect credit card numbers, social security numbers, email addresses and phone numbers within common file types) and run the scan.
Running the scan results in a report that shows all the files in which the specified information types were discovered – and allows users to click on the files to open them in place, correct the issue, and then save the files with the personally identifiable information (PII) or protected health information (PHI). When a scan is run, Marshal makes a temporary copy of the files it is scanning and then deletes them when the scan is complete. It uses the OAuth open standard for authorization to allow Marshal to conduct future scans without requiring users to enter credentials every time.
The business model calls for Marshal to be a freemium service, with a basic free set of features at launch, and additional high-level features added over time for premium versions of the product, for which the company will charge.
“The second phase after (launch) is to build a set of tools — to do things like running scans on a schedule, take action if you find something and quarantine a file,” said Mount. “Over time, there will be a set of premium features that will be on a SaaS (Software as a Service) model. Our plan is to build it into an enterprise SaaS product that we generate revenue from.”
He said the company didn’t have to raise any money to build Marshal – and that Onehub has been cashflow-positive for the last two years.
The ongoing need for this enterprise data loss prevention solution was underscored in a joint study conducted last year by IBM and Ponemon Institute. It revealed just how much money data breaches were costing companies globally.
Their “2016 Cost of Data Breach Study: Global Analysis” pegged the average total cost of a data breach for the 383 companies participating in the research at $4 million. Meanwhile, the average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in the 2016 study.
Charles Mount said he initially wants to give small- and mid-size businesses the capabilities to tackle this issue without the huge costs associated with the many well-entrenched enterprise data-loss prevention solutions (from providers such as CA, Intel Security/McAfee and many others). “Small businesses and mid market companies can use Marshal to understand the risks about where they store their data in the cloud,” he said.
Mount added that he has seen real demand for this kind of product from companies that must comply with data privacy and data protection laws across many industry sectors (including online retailers, health care providers, and the HR departments of large companies) and in a number of countries, as well as the European Union.
“There are a lot of laws in the EU and the US for companies that have to be PCI compliant,” he explained. “Companies not only need to know what data threats exist, but also where they exist. There are geographic issues that come up with what data is stored and where it is stored. We see that as a future need — clarity on data residency and where a file sits physically — to conform with compliance laws.”
He also pointed out that European Union laws around PII are much more strict than in other countries — and that different rules can apply depending on whether data is sitting in a datacenter in the UK, Germany or France. “That will be valuable data we can give back to our customers,” he says.
In the future, Onehub may also explore features that would allow Marshal to conduct scans of files on corporate networks. For now, however, the company is positioning Marshal as “the easiest and fastest way for the SMB and mid-market to uncover sensitive data currently unprotected in their cloud storage accounts.”