Customers post sensitive personal information (PII or PHI) in Zendesk tickets for a given business function. Some of the most pressing reasons why your Zendesk account needs to be protected:
All organizations are subject to security attacks and breaches, and Zendesk is not immune. In 2016, Zendesk was subject to a data breach exposing 10,000 Zendesk accounts where sensitive PII (Personally Identifiable Information) was accessed.
Compliance: Every day, governments are passing consumer privacy laws geared to protect consumer data from malicious entities. California and Illinois have been the latest to introduce these laws, including a Biometric Information Privacy Act. For many organizations, data can be spread across a wide range of systems, which makes it challenging to keep up with newly enacted privacy laws. It is a nightmare for companies to manually clean up the sensitive messages sitting in their employees' Zendesk accounts, as deep inspection is time-consuming and error-prone. At the same time, you need to stay compliant and prevent exfiltration of sensitive data.
In the first six months of 2019, a reported 3,813 data breaches affected 4.1 billion records, an increase from 2018. Of those, 70% of leaks exposed user emails, while 65% included sensitive information revealing passwords. According to IBM, the average time it takes an organization to identify that a data breach has occurred is 206 days, with an organizational cost of $3.92 million.
The Strac Zendesk App is Data Loss Prevention (DLP) software. It has 2 modes:
Detect Only: Once configured, it automatically discovers sensitive comments and attachments. Customers can see Findings of sensitive tickets in the Strac UI Vault and get notifications.
Redact: Once configured, it masks (aka redacts or removes) sensitive comments and attachments while still allowing authorized users to view those Zendesk tickets in the Strac UI Vault. With this, you will block sensitive PII or PHI in Zendesk tickets.
A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed which messages.
Below is a sample list of sensitive data elements that will be detected & redacted:
Identity: Driver's License, Passport, SSN (Social Security Number), National Identification Number, etc.
PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
Payments (aka Financial Details) or PCI (Payment Card Industry) Data Elements: Bank Account, Routing Numbers, Credit Card Number, CVV, Expiration Date, Debit Card, IBAN, etc.
Secrets: API Keys, Passwords, Passphrases, etc.
Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
Physical Network: IP Addresses, MAC Addresses, etc.
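
To make the difference between the two modes concrete, here is an added example (not Strac's code and not a description of how Strac detects data) that runs a configurable list of data elements over one ticket comment in Detect Only and in Redact mode. The patterns, the `scan` and `luhn_ok` functions, the mask format and the sample comment are all assumptions constructed for this illustration.

```python
import re

# Assumed, simplified patterns for four elements from the list above;
# real DLP detection is far more thorough. Names are hypothetical.
PATTERNS = {
    "SSN": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "IP_ADDRESS": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
}

def luhn_ok(candidate):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text, elements, mode="detect"):
    """Return (findings, text_out); findings hold type and offsets, never the value."""
    hits = []
    for name in elements:
        for m in PATTERNS[name].finditer(text):
            if name == "CREDIT_CARD" and not luhn_ok(m.group()):
                continue                    # e.g. an order number, not a card
            hits.append((m.start(), m.end(), name))
    hits.sort(key=lambda h: (h[0], -h[1]))  # earliest first, longest on ties
    kept, last_end = [], 0
    for start, end, name in hits:
        if start >= last_end:               # skip matches overlapping a kept one
            kept.append((start, end, name))
            last_end = end
    if mode == "redact":                    # mask right-to-left so offsets stay valid
        for start, end, name in reversed(kept):
            text = text[:start] + f"[REDACTED:{name}]" + text[end:]
    return [(name, start, end) for start, end, name in kept], text

# Constructed sample ticket comment; every value is fake test data.
COMMENT = ("My SSN is 123-45-6789 and card 4111 1111 1111 1111 was charged twice. "
           "Order 1234567890123 from 10.0.0.5, reach me at jane@example.com.")

if __name__ == "__main__":
    for mode in ("detect", "redact"):
        findings, out = scan(COMMENT, ["SSN", "CREDIT_CARD"], mode)
        print(mode, findings, out, sep="\n  ")
```

Findings record only the element type and offsets, so the audit trail itself does not become a second copy of the sensitive value; the 13-digit order number is left alone because it fails the Luhn check.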