October 13, 2022

Last Updated on January 18, 2024

Foundational steps in developing any privacy program include mapping where your personal data resides, and then conducting a data protection impact assessment (DPIA) to evaluate potential risks to that data.

On a recent episode of The Virtual CISO Podcast, Dimitri Sirota, CEO at BigID, explained how his firm’s technology helps both SMEs and enterprises address privacy and data protection challenges. Hosting the podcast is John Verry, Pivot Point Security CISO and Managing Partner.

BigID technology levels

Dimitri likens his company’s BigID solution to an open-faced sandwich. The foundational “bread” that supports everything else is the discovery technology. On top of that are the data analysis capabilities, which can vary depending on whether your focus is privacy, security, data governance or retention. The top layer is a customer-specific set of modules analogous to an app store, which leverage the APIs that BigID exposes.

“Let’s say you care about data rights or data subject access requests (DSARs)—there’s an app for that,” says Dimitri. “If you care about a record of processing activities (ROPA), there’s an app for that. If you want consent, there’s an app for that… The modular format allows you to grow with your customers. You don’t have to buy everything.”

SME capabilities

While BigID is designed for enterprises, the company recently introduced SmallID, a lightweight SaaS offering that integrates basic data protection and data privacy for SMEs.

“SmallID, by definition, we want to simplify,” explains Dimitri. “SmallID has more of a combined, integrated feeling. It basically provides everything in a unified pack.”

The rationale is that most SMEs would gladly trade a high degree of configurability in this type of solution for convenience and ease of use. SmallID aims to deliver a simplified experience. If your needs grow significantly, you can transition smoothly to BigID.

Exposing APIs

Apropos of the app store metaphor, BigID exposes and documents all its APIs. Modules are being co-developed with partners, and some vendors and system integrators are also building their own “apps.”

“That’s just in the early phases, but obviously the dream is to not just have 45 apps but maybe 4,500 one day,” Dimitri relates. “So that whatever your heart desires in the data-visibility-control sphere, whether it’s in the public cloud or a hybrid cloud, there’s a capability inside of BigID.”

“That sounds win-win, especially as we see dozens of different privacy frameworks going out there and having very specific differences that you might need to report on with one versus another,” John observes. “Having somebody who specializes in that… that model sounds pretty cool, to be blunt.”

What’s next?

To hear this podcast episode with Dimitri Sirota in its entirety, click here.

What basic steps are required to achieve privacy compliance when you may be subject to multiple, overlapping statutes? This blog post offers insight: 4 Essential Steps to Privacy Compliance