It hasn’t always been this way. Twenty years ago, cyber-related threats barely cracked the top 10 security threats facing companies, let alone data-specific threats. And historically, a company’s primary worry when it came to data was governance and compliance, not security.
Delphix recently asked a VP of a multinational organisation what his approach to data security was, and he simply said “I wish I knew; it’s not my job. It’s critically important for us to be engaged, but I only get informed after there has been a breach.”
What’s worrying about this sentiment is it’s not just an isolated case. This type of response is incredibly common across the board. The average time it takes to detect and respond to a data breach is still more than six months according to a global study of security breaches by The Ponemon Institute.
At the same time, data security isn’t going to get any easier.
On the rocks: the relationship between data and security
What complicates the discussion around securing data is the data itself. Data is at the centre of the modern digital enterprise. It drives everything from new user experiences to products and business insights.
However, for most companies, it’s also the greatest source of risk. Nearly 90% of data is estimated to sit in non-production systems used for testing, development and reporting systems. In addition, most of this data is a copy, of a copy, of a copy, containing personal information.
Complicating things further, most security processes and organisations evolved in an application-centric age. Understanding how data and risk propagates through those processes is a challenge forcing organisations to question what’s more important – getting something to market or protecting the data?
When you combine the unstoppable growth of data with the intricate and convoluted ways in which data is used, you end up with a quagmire. It’s no wonder then that companies struggle to understand, let alone quantify, their risk and exposure. Even if you are able to identify, secure, and deliver data, it’s extremely difficult to fully understand how it’s being used at that moment in time, and on what scale it is being used.
DataOps to the rescue
The good news is that a middle ground is emerging. A new approach that unites those data operators managing and securing data, with data consumers, such as the developers, analysts, data scientists and anyone else, who need data to do their job.
This emerging movement – DataOps – seeks to eliminate data friction through people, process, and technology. It allows businesses to build a comprehensive library of data sources that pinpoints the exact location of sensitive data across an organisation’s entire IT estate, whether on-premise or in the cloud.
However, identifying personal data is only half the challenge. Protecting it comes next and a big challenge to companies is masking this data.
Modern dynamic data platforms can be used to apply masking policies for multiple systems at once in a matter of minutes. What’s more, dynamic data platforms can be used to profile data, suggest algorithms, build rule sets and then mask very large databases. This meets the GDPR requirement of privacy by design, in that you are designing data masking directly into the delivery of data.
In a digital age, data security and its principles are engrained into everyday life. Protecting people’s personal identifiable information is a human right. Most organisations have accepted that as custodians of data, they have a mandate to ensure personal information is protected. This has created a fundamental shift in how data is viewed and managed. The majority have now been forced to review how they secure and automate the delivery data.
There is no one size fits all solution so each business needs to build its own strategy. Technology like Dynamic Data Platforms that integrate data masking help eliminate personal information from data troves and accelerate the business. The only way businesses will survive in the data economy is by applying DataOps and its tools to eliminate the data friction, allowing their best resources to securely access the data they need, when they need it.