Wednesday, 24th April 2019

The tumultuous relationship between data and security

Our daily news updates have become littered with data breach after data breach, each costing companies on average £1.82 million. CEOs have lost their jobs and reputations following major leaks, and CSOs wake up each morning dreading the news that personal customer data is in the hands of hackers. By Iain Chidgey VP International, Delphix.

It hasn’t always been this way. Twenty years ago, cyber-related threats barely cracked the top 10 security threats facing companies, let alone data-specific threats. And historically, a company’s primary worry when it came to data was governance and compliance, not security.

Delphix recently asked a VP of a multinational organisation what his approach to data security was, and he simply said “I wish I knew; it’s not my job. It’s critically important for us to be engaged, but I only get informed after there has been a breach.”

What’s worrying about this sentiment is it’s not just an isolated case. This type of response is incredibly common across the board. The average time it takes to detect and respond to a data breach is still more than six months according to a global study of security breaches by The Ponemon Institute.

At the same time, data security isn’t going to get any easier.

On the rocks: the relationship between data and security

What complicates the discussion around securing data is the data itself. Data is at the centre of the modern digital enterprise. It drives everything from new user experiences to products and business insights.

However, for most companies, it’s also the greatest source of risk. Nearly 90% of data is estimated to sit in non-production systems used for testing, development and reporting systems. In addition, most of this data is a copy, of a copy, of a copy, containing personal information.

Complicating things further, most security processes and organisations evolved in an application-centric age. Understanding how data and risk propagates through those processes is a challenge forcing organisations to question what’s more important – getting something to market or protecting the data?

When you combine the unstoppable growth of data with the intricate and convoluted ways in which data is used, you end up with a quagmire. It’s no wonder then that companies struggle to understand, let alone quantify, their risk and exposure. Even if you are able to identify, secure, and deliver data, it’s extremely difficult to fully understand how it’s being used at that moment in time, and on what scale it is being used.

DataOps to the rescue

The good news is that a middle ground is emerging. A new approach that unites those data operators managing and securing data, with data consumers, such as the developers, analysts, data scientists and anyone else, who need data to do their job.

This emerging movement – DataOps – seeks to eliminate data friction through people, process, and technology. It allows businesses to build a comprehensive library of data sources that pinpoints the exact location of sensitive data across an organisation’s entire IT estate, whether on-premise or in the cloud.

However, identifying personal data is only half the challenge. Protecting it comes next and a big challenge to companies is masking this data.

Modern dynamic data platforms can be used to apply masking policies for multiple systems at once in a matter of minutes. What’s more, dynamic data platforms can be used to profile data, suggest algorithms, build rule sets and then mask very large databases. This meets the GDPR requirement of privacy by design, in that you are designing data masking directly into the delivery of data.

In a digital age, data security and its principles are engrained into everyday life. Protecting people’s personal identifiable information is a human right. Most organisations have accepted that as custodians of data, they have a mandate to ensure personal information is protected. This has created a fundamental shift in how data is viewed and managed. The majority have now been forced to review how they secure and automate the delivery data.

There is no one size fits all solution so each business needs to build its own strategy. Technology like Dynamic Data Platforms that integrate data masking help eliminate personal information from data troves and accelerate the business. The only way businesses will survive in the data economy is by applying DataOps and its tools to eliminate the data friction, allowing their best resources to securely access the data they need, when they need it.

Retail is one of the most challenging sectors in the UK right now, particularly with the collapse of...
Technology is one of the few things in life we expect to just work. This is especially true when it...
Malware authors have always been trying to update their software and evolve their techniques in orde...
Becrypt has been in the disk encryption business for more than 15 years and have carried out extensi...
Whilst the concept of Zero Trust (ZT) networks is gaining broad popularity and acclaim, elements of...
Corporate Cybersecurity is a huge concern for both customers and business owners alike with the numb...
Last year, Russia started a widespread cyber-attack targeting critical infrastructures around the wo...
1989 was of a year of positive milestones which would have a profound impact on the way we live and...