Since 2006…

Guarding data then, now, always.

We were just pups.

In 2006, the world of data was a much different place.

2006

Spirion founded and initial name was called Velosecure LLC.

2007-2008

Product Launch of on-premises solution “Identity Finder”

2009

Company began dominating Higher EDU field and hired its first Account Executive team

2010

Began penetrating healthcare, state and local governments and research laboratories – in addition to Higher EDU

2011

Heavy shift made to B2B audience and the innovation continued by adding Image Search capability to product offering

2012

Company began expanding its sophisticated data discovery technology to finance, retail, manufacturing and telecommunications

2013

Sensitive Data Classification and scanning of Linux endpoints added and product name re-rebranded to Sensitive Data Manager

2014

Sold to IGI – Company fully rebranded as Spirion – fun fact: SPI stands for sensitive personal information / irion is Celtic for “King” – Spirion is the King of sensitive data protection

2015

Spirion is globally recognized as a leader in sensitive data security after tracking down the lost data from Sony’s December 2014 breach. Spirion’s analysis was used as evidence in a successful class-action lawsuit.

2016-2017

Spirion pivots from pure data discovery to a powerful multi-step solution that minimizes personal data risks by reducing the target and tagging data based on its risk profile and adds Spyglass technology, showing advanced heat mapping of where unprotected sensitive data resides (both structured and unstructured data)

2018

Riverside Private Equity Firm acquires company with strong cloud investment

2019

New CEO, Kevin Coppins, named with focus on shifting company from single cybersecurity product to a multi-product, cloud privacy platform

2020

Spirion enters the cloud and launches Sensitive Data Platform + expands its offerings in both security and privacy by adding a threat monitoring tool and automated DSAR fulfillment. Spirion becomes the single source of truth for sensitive data.

2021

Spirion launches its Governance Suite to combine all Spirion products into one proactive privacy and security posture.

2022

Spirion Enhances depth and breadth of Privacy-Grade™️ discovery, classification and remediation for sensitive data.

2023

Spirion granted U.S. patent for data privacy practices, focusing on identity association for a consumer’s personal and sensitive data across multiple data locations and types.

When it comes to innovation, they teach you in business school to find problems that people are having and solve them. The founders of Spirion, David Goldman and Todd Feinman, were ahead of their time when they saw back in 2006 that personal information on computers was a problem waiting to happen. Their first product was intended for consumers to put on their home computers (right along with anti-virus) to search for personal information so that it could be removed.

It is also taught in business school that you might not always get it exactly right the first time (or second or third), so fail fast and pivot. Todd and David pivoted to higher education, where personal information is needed for enrollment, financing, alumni connections, keeping grades and storing intellectual property. These billions of records were a perfect proving ground for honing discovery algorithms. In 2014, the Sony hack reinforced Todd and David’s belief that personal information was the most important thing to protect. They felt Sony would eventually be fine, but the personal information lost could be damaging to the employees and customers of Sony forever.

The data security and privacy industry has gone through pivots of their own. Back when I was running a SOC at Motorola, the assumption was that you had a physical data center located at headquarters to protect. So you put it on a LAN, dropped a firewall in front of it, installed anti-virus on the Windows machines (it was thought virus weren’t an issue on Linux and Macs were not considered at all), and tracked your logs in a centralize syslog sever that connected to a SIEM. This was the “castle and moat” approach.

The castle-and-moat approach failed (or is failing) for two key reasons. 1. It is easy to get around the moat. Of course, there are sophisticated attackers that can figure out ways directly through the firewall, say when zero-days came along or they spot bad configurations, but it is way easier to use social engineering on the organization’s employees. The primary way is through email where users can be tricked to download malware right into the local network or be tricked into giving up credentials on a fake website. Once in, the bad guys can move around freely for as long as they are careful and exfiltrate data on their own time. 2. The second reason is there is no moat. From the cloud, to BYOD, and now to remote workers, there is no “perimeter” that can be guarded.

The next phase was, and still is, “zero-trust” where we accept that there is no moat and put access controls around the data assets (laptops, servers, databases, IaaS storage, SaaS applications) themselves. This is certainly a step-up in security, but it too has issues. The first issue is how to put access controls on all those assets, and how strong should those controls be? The second issue is the sheer number of resources to implement zero trust is out of reach for most organizations. Finally, zero-trust can lower the “blast-radius” of an attack, but at the end of the day, if an employee downloads malware to their computer, it can still get access to that computer at the least, and maybe through that computer, get access to other assets.

At Spirion, we believe that zero-trust is still key, but believe that the data must be what drives the strategy for implementing security. Finding the data should be the first step in any security or privacy program and filling out questionnaires isn’t good enough. Only by scanning the data can an organization be sure that they are protecting the right assets with the right security. Our customers confirm this with stories of finding millions of credit card or social security numbers on the laptops of people who shouldn’t have them. Most of the time, people are not malicious, they are simply trying to do their jobs. But malicious or not, this proliferation of sensitive data is a real problem and Spirion is here to solve it.

1