Monitored Data Pseudonymisation
Ensure the privacy of your users while protecting recorded data from insider threats
Get in Touch
Why anonymize user data?
Any thorough user activity monitoring software records all actions taken by users, including actions involving identifiable data: logins, credentials, device information, etc.
This data is considered personally identifiable information (PII) and is protected by the same IT standards, laws, and regulations as other kinds of sensitive data. Pure anonymization of such data erases the link between the user and their activity logs, making it impossible to investigate security incidents.
Pseudonymization allows you to protect sensitive data from insider threats while having the option to de-anonymize data when needed.
Data pseudonymization is necessary to:
- Comply with IT standards, laws, and regulations
- Protect your users’ PII
- Remove identity markers from employee data
- Investigate security incidents without compromising other users’ privacy
- Prevent accidental access to PII
GDPR
Article 25, “Data protection by design and by default”
“[…] the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”
Key features of pseudonymisation with Syteca
FIPS 140-2 certified encryption of all usernames and aliases
No influence on user activity monitoring and recording
Data pseudonymisation for users with any privilege level
Possibility to de-anonymize data in case of a cybersecurity incident
Limited access to de-anonymization functionality
Protection of users’ personal data in activity monitoring results
Active Directory compatibility
Implementation of GDPR requirements for PII protection
Principles of data pseudonymisation in Syteca
Syteca substitutes user logins and device names with aliases to make it impossible to link this data to a specific user. For instance, if someone were looking for the user John-Smith that works on John-Smith-PC in the activity monitoring results and reports, they might see user USR-880B1A and CLN-E0CB5E.
Unique aliases are assigned randomly, making it impossible to discover a pattern and link an alias back to a user.
Syteca hides user data in:
- User activity monitoring results
- Reports on user activity
- Screenshots of user sessions
- The Syteca Management Tool
Securing private data
Here’s how this functionality works:
- Data pseudonymisation is turned off by default.
- It is turned on after you purchase a Syteca license.
- When enabled for the first time, the pseudonymisation algorithm randomizes all current user data.
- From then on, Syteca only shows user aliases in monitoring data and activity reports.
- When a new user is added, Syteca randomizes their data automatically.
De-anonymizing data
To de-anonymize a user, a security officer and a data protection officer (DPO) have to work together:
- A security officer requests de-anonymization of a specific user’s data and provides a reason for the request.
- A DPO reviews and approves or denies the request.
- If the request is approved, the security officer can review user sessions with identifiable data. For the DPO, user data remains hidden.
- After 24 hours from the request approval, Syteca automatically anonymizes user details again.
The de-anonymization process allows you to quickly identify a user in case of a security incident. At the same time, users’ private data is protected from anyone who has access to the Syteca Management Tool.
Need a quick discovery call to discuss your request?
Book a Time Slot HereGet the most value for your business with other Syteca’s capabilities
Supported platforms
Learn how Syteca assists our customers in continuously preventing threats coming from the inside.
4.7/5
4.5/5
4.7/5
4.2/5
4.7/5
4.5/5
What our clients say about Syteca’s insider threat prevention tools
Dennis Fox II
CEO | President at ES Consulting
“What we like the most about the Syteca is how easy it was to get started. The communication with the team is both smooth and efficient. Also, the support received from Syteca team, both informational and technical, has always been very prompt and helpful.”
Paul Maranzano
Technical Director at National IT Solutions
“We tried quite a few insider threat management solutions before we came to Syteca. The key factor that led me to Syteca was fast communication from sales to support. I’d highly recommend Syteca to most colleagues. Within 30 to 40 minutes I had it up and running and it was recording. I was quite impressed by how quick and easy it was. I definitely recommend Syteca!”
Egzon Sinanaj
Director of Support and Security at PECB
“We have a lot of data to protect. We are also very happy to have an ever-growing number of new customers whose data are processed only by authorized processes and employees. To keep everything in check, we must be able to identify potential internal or external threats in time and act accordingly to prevent any intentional or unintentional errors.”
Denis Gundarev
Senior Program Manager at Microsoft
“Syteca provides a great solution for customers that need a session recording and activity audits, as well as incident response functionality to detect and prevent insider threats.”
Adrian Cragg
CTO of CNC Ltd
“As a Managed Service Provider we are responsible for our customers’ servers but aren’t the only ones with access and often well intentioned 3rd parties cause disruption with unauthorised changes. Syteca gives us peace of mind that all actions carried out on the server are recorded and we can quickly identify & rectify issues. It’s like having CCTV for your server and in these times of a need for heightened security and auditing this is perfect for the job.”
Let’s get the conversation started
Contact our team to learn how our insider risk management software can safeguard your organization’s data from any risks caused by human factors. Book a call with us at a time that suits you best, and let’s explore how we can help you achieve your security goals.
