Think of Personal Identifiable Information (PII) as gold that companies store about their customers. Gold must be kept in a safe place at all times, with restricted access, effective governance, and auditing to secure it.
However, we live in a world today where everything is code, meaning more things touch corporate gold than ever before. We also live in a world where continuous delivery for engineering teams is a reality, not a pipe dream, meaning application code changes daily or hourly.
Back when monoliths were fashionable, you could count the number of apps that touched gold on a single hand; with microservices and cloud architectures, you’d need to be a 10ft centipede these days to count the number of apps on your hands.
Applications and code can change hourly, so how do teams know what is impacting PII data and corporate gold?
I asked a CISO this last week – he paused, laughed, and said, “it takes a village.”
Ye Olde Visio Diagram, JIRA Ticket, Zoom Call, and Tagging
“Just look up this accurate architecture diagram in VISIO” – said no one ever. Architecture diagrams are out-of-date the second an engineer writes their first line of code, let alone the thousands of sprints that get sent down the pipeline later.
“We tag our apps and services with PII,” said someone who loves tagging. Tags become out-of-date the second a new CI/CD deployment, service, or microservice hits production.
“We do architecture reviews and ask teams if their apps touch PII,” said someone who thinks engineers know all the PII data flows in their apps. Tribal knowledge of PII data is a slippery slope. Remember, engineers move around projects and have an average tenure of two years.
Understanding PII data flows, and how CI/CD deployments or application changes affect them, is a manual, time-consuming, inaccurate process that introduces pain and business risk for everyone involved.
Bionic: Map Your PII Data Flows
At Bionic, we’re helping teams make their apps secure and compliant as they adapt to the demands of CI/CD and cloud. We’re basically an x-ray that can continuously scan your entire application environment, and show you all services, APIs, dependencies, and data flows.
From a PII perspective, Bionic can map (and tell you) which apps and services are accessing PII data at any time, even when your apps change.
No Visio diagrams, documentation, JIRA tickets, Zoom meetings, or death by tagging.
Here’s a sneak preview: