Privaclave addresses enterprises' challenges of implementing data-centric security in an easy, transparent, non-invasive manner. It replaces manual, time-consuming, complex, and expensive tasks with AI-driven automation. The foundational value propositions of Privaclave are:
Privaclave makes it easy and quick for enterprises to elevate their data security posture and truly secure their data, and reduces their spend on data security significantly.
Enterprises can realize:
Privaclave is not reinventing the wheel. There are already many encryption and tokenization solutions on the market. What Privaclave solves is enabling businesses to use encryption and tokenization of individual data elements in a transparent, non-invasive way. It is the glue between business applications and encryption/tokenization APIs. It does, however, offer industry-standard encryption and cryptographic tokenization natively. It can also integrate with other vendors' solutions if customers have an existing solution in place or have a strong preference for a particular solution.
Vendor solutions categorized as data security posture management (DSPM) focus primarily on discovering data, understanding access to data, tracking data flows, identifying exposures, and assessing and reporting on the findings. Enterprises are presented with the findings to take action on. DSPMs are point-in-time inventory exercises performed via targeted scans of data stores. They surface risks as an ocean of metadata for enterprises to analyze, assess, and prioritize. They are NOT a security control.
Privaclave is NOT a DSPM. It pivots from the traditional, incumbent approaches to data discovery and classification by making them continuous and run-time, and it enables enterprises to move from risk identification to risk remediation automatically and immediately in a single integrated function. It is not just about managing your data security posture; it is about ELEVATING your data security posture.
Privaclave resides transparently at the services layer, where it automatically intercepts data, detects and classifies the sensitive data elements, and obfuscates them individually according to the defined policies, using data-centric protection mechanisms including encryption, tokenization, masking, and hashing. Privaclave is completely decoupled from the application stack and data pipelines, and is entirely transparent and non-invasive, while keeping the data persistently protected at rest, in transit, and even in use. Privaclave also selectively re-identifies data for authorized applications and users when it is consumed, based on IAM/IdP roles and permissions. Privaclave integrates with enterprise logging and monitoring systems to provide real-time visibility into data movement and treatment.
Yes. Privaclave has connectors to integrate with other solutions, including key and secrets managers and encryption and tokenization solutions. However, it also offers its own native solutions.
LLM applications must incorporate robust data sanitization practices to prevent sensitive user data from entering the training model. The interaction between the user and the LLM forms a two-way trust boundary, requiring vigilance in both input and output handling. Restricting the types of data returned by the LLM can help mitigate sensitive information disclosure.
Privaclave provides enterprises with a transparent, non-invasive solution for integrating effective data sanitization and scrubbing techniques. It ensures that sensitive data does not enter the AI/LLM training model, even during model enrichment or fine-tuning. Privaclave detects and sanitizes sensitive information at run-time, throughout the pre-training, fine-tuning, and embedding stages, implementing stringent data-centric controls as per policy.
Privaclave’s innovative approach includes real-time data input and output interception, detection, classification, and sanitization. With its non-invasive design, AI-driven run-time data classification, and industry-standard cryptographic methods, Privaclave addresses enterprise data security concerns, ensuring high performance and scalability in handling Generative AI and LLM application security.
Refer to the LLM Data Security page for details.
Privaclave addresses use cases wherever enterprises need to secure data persistently and reduce the risk of data breaches while also complying with various industry standards and regulations. Refer to the Use Cases page for more details.
NO. Privaclave is NOT a proxy or gateway solution that you need to deploy across your enterprise network, whether cloud or on-premises. It is triggered, via configuration, by various services, including proxies and gateways, to intercept the data payload, detect and classify sensitive information, and protect it as per enterprise policies. No change to traffic routing is required either. Data flows as-is and pipelines operate the same. Application or user traffic doesn't need to be proxied through Privaclave during sessions, because Privaclave is invoked by the network infrastructure layer involved in those sessions to detect sensitive data on the fly and protect it. Because of its foundational serverless nature, its involvement in the transaction is ephemeral in most cases: it spins up, does the work, and spins down.
DLP (Data Loss Prevention or Data Leakage Prevention) tools are designed to block sensitive data from leaking out of an enterprise trusted boundary. DLP tools are typically implemented at the endpoints or at the egress points of an enterprise network, either independently or as part of a broader security solution such as CASB/SASE, and user traffic, whether web traffic or email, is proxied through them to be inspected, detected, and acted on. Policies are implemented for the DLP tools to Allow, Block, or Alert when the inspected traffic meets certain conditions. DLP tools do not typically desensitize or de-identify sensitive data, because usability of the data on the other end becomes a challenge. They are designed to provide insights or block traffic based on the risk assessed. Because their applicability is constrained to user-access use cases, they don't extend to machine- or service-based interactions, such as a front-end service collecting PII and sending it to a back-end service to write into a database, data from an on-premises Hadoop environment migrating to a cloud analytics platform, or a third-party service exposed to an internal service via an API for data sharing.
So, Privaclave is NOT a DLP tool, as it extends to a broad set of use cases, including user-access and machine-to-machine or services use cases. Privaclave is an enabler for protecting sensitive data on the fly while at the same time being designed to preserve the usability of the data for business purposes, across all use cases.