It seems that every day there’s another news headline about how companies are using consumer data. Facebook was in the news again recently when the FTC slapped it with a $5 billion fine based on investigations into the Cambridge Analytica scandal. FaceApp made headlines for potential connections to Russia. And already this year, Congress has held hearings with some of the biggest names in tech, digging into their practices around the use and protection of customer data.

The manner in which companies handle and use customer data has become a source of growing scrutiny. But consumers aren’t alone in needing to worry about how companies use their data. Every day, enterprise organizations put massive volumes of data in the hands of third-party vendors. In some cases, like with software-as-a-service applications, it’s explicit that enterprise data will live within a third-party environment. But with other products, particularly those that live within the enterprise data center or cloud infrastructure, it’s far less clear. And when factoring in the devices that employees themselves connect to the network (without the knowledge of IT), knowing exactly how, when, and for what purpose third-party vendors are collecting and using their data can be even more difficult.