Our Philosophy and Approach

There is an overarching philosophy and approach that we follow in the creation and design of the Security Marketplace, the PrivacyLabs Concierge consulting practice and the synergy between the two. Within that approach, we offer a more finely grained choice of the services we have found are used most often and where there is significant synergistic overlap.

At the highest level, we find that working smart in compliance involves a combined, risk-based assessment across what we refer to as the three pillars of compliance: Policy, Data and Controls. Keeping this process simple and understandable provides clarity, and clarity brings coherence. In this way, defensible compliance is maximized while reducing timelines and costs. Our Marketplace Categories and complementary Concierge services are set up under these three pillars for an ecosystem that is just right, whether for your privacy, data protection or other compliance needs.

A Synergy of Services

We find that there are focused areas of services/products that are most valuable in the modern-compliance ecosystem. We refer to them as Unify, Automate, Secure and Audit. While services are offered individually, a risk-based analysis finds a synergy when services are leveraged in combination.

Unify

Planning and ongoing management of a comprehensive compliance program is best executed in platforms built for this purpose. PrivacyLabs has partnered with all major platform providers for maximum resource-efficiency. These platforms, offered in the Marketplace, are built specifically to bring your team and/or Concierge services together into one portal. Capabilities include:

  • Compliance-readiness assessments
  • Regulatory framework workflows
  • Data lineage and data-flow diagrams
  • Third-party and vendor-risk assessments
  • Assimilation of compliance frameworks such as those found in cybersecurity, cloud management and IoT

Automate

Use of software solutions and artificial intelligence provides safe and predictable execution of tasks that would incur far more expense and error if performed manually. Products and services in various categories within the Marketplace can be leveraged with the help of Concierge services as needed. Solutions include:

  • Automated integration of privacy and data-protection tools to include triggering and execution of tasks, notifications, sequencing of simple processes, etc. 
  • Data scans of systems and repositories
  • Machine learning to identify and track sensitive, critical and private data
  • Machine learning to link like records to avoid duplication and to increase data quality
  • Identification and possible later removal of redundant, trivial and useless data

Secure

Security is arguably the most important single risk any organization has. Products in select categories within the Marketplace can be leveraged with the help of Concierge services depending on your context. Relevant areas include:

  • Protection of endpoints, mobile devices, email and social media (e.g. DLP)
  • Application security (e.g. OWASP, SAST / DAST, SCA, RASP, WAF, etc.)
  • Cloud security (e.g. CSPM, CASB, CWPP, SCAPE, etc.) 
  • SIEM and log-based analysis
  • Move to serverless computing and container-based microservices (e.g. Kubernetes, Docker, Lambda, etc.) for a decreased threat landscape
  • Machine learning approaches to identify and mitigate most threat risks

Audit

Audit is one of the most diverse service areas, and the Marketplace may be leveraged across all major categories to find the sweet spot of your needs. As always, Concierge is there to help. Audit areas can include:

  • Application security to include OWASP, SAST / DAST, RASP, WAF, serverless environments, etc.
  • All major cloud-security frameworks
  • Cybersecurity (e.g. NIST, ISO, SOC 1 / 2, etc.)
  • Privacy and data protection laws, e.g. GDPR, CCPA and other international and state laws
  • Interpretability, explainability, bias, fairness and efficacy of machine learning applications. We leverage auditing and assessment tools to include global and local interpretability and model-specific and model-agnostic approaches.