Digital Guardian Review

The classification engine enables you to set up inspection rules to determine whether data has PII


What is our primary use case?

We use the solution mainly for data classification and data loss prevention. We're seeing this solution being used by everyone from mid-market, medium-sized banks or financial institutions to insurance carriers, and we see it deployed at companies that work with personally identifiable information. 

How has it helped my organization?

One of the ways in which this technology has improved our organization is that it is set up in such a way that they have strict data classification rules. So if an end user wants to upload or email a document to one of their personal accounts, they are able to block certain files or certain information. They are able to block certain information from leaving the enterprise and corporate network.

What is most valuable?

What our customers find most valuable in Digital Guardian is the rule sets that they have for data classification. They are already set up to search for PII data, which is basically the personal identifying information for our customers. So you can quickly use their classification engine, or rule set, to set up inspection rules to determine whether data has PII, like social security numbers, date of birth, addresses and things like that.

What needs improvement?

I would like to see the workflow, to get all the rules and policies set up, be less complicated. If you've been in the field and have the technical knowledge, it's fairly intuitive, but the hardest part is setting everything up and doing the validation for the other rules. I think the whole system needs improvement, even though it works fine the way they designed it. The problem comes when a tool is written by engineers for engineers, and not necessarily for someone who doesn't have that background. Someone like a high-level manager. 

Some clients find it hard to set up all of their PII types. The interface also has some limitations in terms of which browser you can use. For me, that's the biggest headache. For the version we use, you must use Windows Explorer. The background requires you to have a bigger insight into the business processes. It's not just a tool that you can simply drop in and expect to work because there is an impact on business operations.

I would also love to see integration with cloud offerings, Like AWS, Azure, and GCP. And better browser support. 

For how long have I used the solution?

I am a systems integrator and I've been using Digital Guardian 731 for about three to four years now.

What do I think about the stability of the solution?

I would say the stability of the solution is determined by whether or not you follow the recommended installation guidelines and sales engineering guidelines. Outside of that there are no guarantees, and we've had issues trying to push the boundaries. For instance, if the system requires you to use Internet Explorer, you may experience operational issues when you use another browser. So it doesn't mean that the system is unstable, it is just that the way the application is written, one may expect issues with the response codes from the different browsers.

What do I think about the scalability of the solution?

We did have some issues with scalability, in terms of the HA replication, and the number of agents they have. In terms of the actual boundary limit, and what that boundary looks like, I don't know where scalability becomes an issue. I know we had issues going from region to region replication for those rule-sets.

I primarily work with Digital Guardian deployment for different clients using virtual infrastructure because I had a private cloud. I use them because they created an MSP version of their software. Colleagues of mine that used the standard appliances as well as the MSP version don't have any issues.

How are customer service and technical support?

The technical support is really terrific. 

If you previously used a different solution, which one did you use and why did you switch?

A lot of individuals that we get into contact with didn't have a previous solution in place. 

How was the initial setup?

The initial installation of the software in the server is actually very straightforward and it is quite easy to install. It can, however, be a challenge for entities that do not have a data governance policy or structure already in place. This tool doesn't help them develop that, it only applies what the current policies are for data classification and data control.

It took me about three weeks to deploy the solution, but when a client has no data classification and they have to develop those systems first, installing and deployment might take as long as six months.

Provisioning is not a full-time job, but the continuous maintenance from all the alerts that occur from the different rule-sets that are created is based on the size of the organization. We've seen as little as three people managing alerts on a 24/7 basis, and we've seen companies where the alerts go to a security operations center, where there is an entire systems engineering department that helps triage those alerts. 

That is a problem with this tool - you can go from having nothing to do with this tool based on your policies, to having continuous tickets and a workload that requires you to get more staff to meet your IT Operations demand. 

What was our ROI?

I definitely see ROI in terms of data that has not left the company. If you're under GDPR and you prevent private information from leaving, then you see immediate value in returns. 

What's my experience with pricing, setup cost, and licensing?

Our customers are happy with the pricing. There are additional costs if you use support contracts directly to Digital Guardian, so they do have professional services. These add-ons are helpful in building out rules, or in the event that the client has custom templated data. The professional services help to create the regular expression engine to detect that data. So, they do have professional services to actually help create these custom data cost-efficient rules.

Which other solutions did I evaluate?

Yes, they looked at other options like Symantec DLP, Forcepoint, and a few others. But based on technical needs or the way they could operationalize, they chose Digital Guardian. So if you look at enterprise data loss prevention this solution is the best.

What other advice do I have?

I would recommend that you start looking at policies that would come out of the privacy office, or the DPO, the Data Privacy Officer. Most companies don't have a DPO, and that's why they really need to start looking at creating data classification guidelines and policies and understanding the impacts to the business on where their data flows and how it flows because this impacts the configuration of the digital guardian solution.

I would rate this solution an eight out of ten. It's not perfect, but it gets the job done.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Add a Comment
Guest
Sign Up with Email