Co3 Systems, a Cambridge, Massachusetts based startup, made its official debut as a company this week, and also launched its first offering—a SaaS-based data loss management solution.
Looking to target an underserved aspect of breaches, Co3 says its solution can help businesses cut incident response process time by as much as half – significantly reducing the risk, expense and resources associated with data loss incidents.
With massive data loss continuing to accelerate at alarming rates, and a regulatory environment that grows larger and more complex by the day, Co3 Systems is bringing a solution to market that offers an automated, repeatable way to prepare for data loss events, assess their potential impact, and generate and manage incident response plans more efficiently.
Data loss is an issue that is intensified by a growing number of Internet connected devices, web-based business and consumer applications, and extended partner supply chains. The company points out that currently, 46 states, 3 Commonwealths and 14 Federal Agencies have legislation with differing deadlines and requirements – and that doesn’t take into account industry regulations such as PCI. With a process that fosters confusion, the imposition of fines for missed deadlines is common. Even for a modest incident of a few dozen records, these fines can easily surpass $100,000.
“The increased pace of data loss, growing complexity of the regulatory environment, and need to work across functions in the organization mean that spreadsheets just don’t cut it as a data loss management strategy. Firms need not only a more purpose-built solution to manage data loss, but also one that both techies in IT and external legal council will use,” said Lynch, Founder of LiamSoft Internet Security Ventures and a former Chief Security Strategist at eBay.
Many today’s security solutions are focused on attack detection and loss prevention, yet attacks continue to succeed with increasing sophistication and focus. Despite this, post incident solutions are few and primarily limited to attack forensics. Co3 Systems is hoping to change that.
“The security industry has always been about attempting to detect an attack before it does damage, or understanding how the damage was done, which leaves customers to figure out, ‘o-k so what do I do now?’” said Ted Julian, Chief Marketing Officer for Co3 Systems. “While some regulations provide leniency and time if controls like encryption are present or if law enforcement is involved, data loss must still be reported and the clock stops for no one.” Delivered as a SaaS-based service, the solution helps organizations streamline the incident response process with core functions including:
· Event Preparedness – organizational visibility to audit process effectiveness, refine controls/data inputs and historical information for reporting and monitoring. Customers can also run hypothetical loss scenarios to better understand risks and vulnerabilities as well as simulations to gauge incident response preparedness.
· Data Event Analysis – Customizable forms enable easy definition of breach scope and impacted data for analysis
· Liability Assessment – immediate risk assessment and liability estimate incorporating all current applicable regulatory requirements, deadlines and associated penalties
· Incident Response – clear and actionable incident response workflow, with the ability to create, assign and track all tasks to completion
Co3 Systems’ team also ensures that customers have the most up-to-date information regarding current and pending legislation with extensive links to source legislation, disclosure letter templates, contact information and policies. The company also maintains a network of lawyers and other practitioners in the field to routinely share updates, interpretations, and best practices.
The initial pricing for the service starts at $450 per month, and the company offers service packages based on the number of incidents expected on an annual basis. A free 90 day trial version is also available.