I'm Aatish and today we're excited to launch Strac’s Zendesk Redactor!
Problem 😠
Customers post sensitive personal information (PII or PHI) on zendesk tickets for a given business function. Some of the burning reasons on why your Zendesk account needs to be protected:
Data Leaks: All organizations are subject to security attacks. Zendesk is also not immune. In 2016 Zendesk was subject to a data breach exposing 10,000 Zendesk accounts where sensitive PII (Personally Identifiable Information) was accessed.
Insider Attacks: Between 2018 and 2020, there was a 47% increase in insider threat incidents. This includes malicious data exfiltration and accidental data loss.
Compliance: Every day government legislation is passing Consumer Privacy laws geared to protect consumer data from malicious entities. California and Illinois have been the latest to introduce these laws, including a Biometric Information Privacy Act. For many organizations, data can be spread across a wide range of systems, which can be challenging to keep up with Privacy law enactments. It is a nightmare for companies to do manual cleanup of those sensitive messages sitting within your employee's zendesk account as deep inspection is time consuming and error-prone. At the same time, you need to stay compliant and prevent exfiltration of sensitive data.
Solution 🚀
Strac Zendesk App is a Data Loss Prevention (DLP) software. It masks (aka redacts) sensitive comments and attachments while still giving the opportunity to authorized users to view those zendesk tickets in Strac UI Vault. A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what messages.
Below is a sample list of sensitive data elements that will be detected & redacted:
PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
Identification: Drivers License, Passport, SSN (Social Security Number), etc.
Payments: Credit Card, Debit Card, Bank Account, Routing Numbers, etc.
Credentials: API Keys, Passwords, Passphrases etc.
Crypto Secrets: Bitcoin, Ethereum, Litecoin Addresses, etc.
PHI: PII data, Medical Record Number (MRN), Medical Notes, etc.