Saturday, 24th August 2019

Why organisations should mask data on demand to protect privacy across enterprise

Today’s organisations realise that data is a critical enterprise asset, so protecting that data and the applications that hold it makes good business sense. However, different types of information have different protection and privacy requirements. Therefore, organisations must take a holistic approach to protecting and securing their business-critical information. By AJ Thompson, CCO of Northdoor plc.

Understand where data exists:

Organisations can’t protect sensitive data unless they know where it resides and how it’s related across the enterprise.

Safeguard sensitive data, both structured and unstructured:
Structured data contained in databases must be protected from unauthorised access using data transformation techniques such as masking or encryption. Unstructured data in documents, forms, image files, GPS systems and more requires privacy policies to de-identify or mask sensitive data while still allowing needed business information to be shared.

Protect non-production environments:
Data in nonproduction, development, training and quality assurance environments needs to be de-identified or masked, yet still usable during the application development, testing and training processes.

Secure and continuously monitor access to the data:
Enterprise databases, data warehouses, file shares and Apache Hadoop-based systems require real-time monitoring and policies to ensure data access is protected and audited. Policy-based controls (like masking or connection termination) based on access patterns are required to rapidly detect unauthorized or suspicious activity and alert key personnel. In addition, data sources need to be protected against new threats or other malicious activity and continually monitored for weaknesses.

Demonstrate compliance to pass audits:
It’s not enough to develop a holistic approach to data security and privacy. Organizations must also demonstrate and prove compliance to third-party auditors. By employing a data protection strategy across all areas and all types of data, organisations can ensure enterprise data is kept secure and protected.

Data Privacy:

Data privacy across the enterprise

News headlines about the increasing frequency of stolen information and identity theft have focused awareness on data privacy breaches and their consequences. Protecting data privacy is no longer optional - it’s the law.

Organisations must have procedures in place to protect privacy in databases, applications and reports in both production and nonproduction systems to comply with data privacy regulations and avoid risk. As data-breach headlines continue to mount, it is clear that data is the most vulnerable enterprise asset. Organisations need to adopt a policy-driven, on-demand masking approach to proactively protect data privacy and support compliance, especially in a computing era where data is everywhere and growing in volume, variety and velocity.

Data masking is the process of systematically transforming confidential data elements such as trade secrets and personally identifying information (PII) into realistic but fictionalized values. Masking enables recipients of the data to use “production like” information while ensuring compliance with privacy protection rules. Data masking represents a simple concept, but it is technically challenging to execute. Most organisations operate within complex, heterogeneous IT environments consisting of multiple, interrelated applications, databases and platforms. Organisations do not always know where confidential data is stored or how it is related across disparate systems. The ideal solution must both discover sensitive data across related data sources and mask it effectively.
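The following is an added example, not code from the article or from Northdoor: a minimal policy-driven masker that replaces sensitive fields with realistic values while keeping the same account number identical across two related data sources. The key, field names, fake-name list and sample rows are constructed assumptions, and keyed HMAC is one possible technique rather than the one the article prescribes.

```python
import hashlib
import hmac

# Constructed demo key; in practice it would come from a secrets manager.
MASKING_KEY = b"demo-only-masking-key"
FAKE_NAMES = ["Alex Reed", "Sam Patel", "Jordan Lee", "Casey Brown", "Morgan Diaz"]

def _digest(field, value):
    """Keyed digest, separated per field so values in different fields do not correlate."""
    return hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()

def mask_digits(field, value):
    """Swap every digit for a keyed pseudo-random one; keep length and separators."""
    digits = "".join(c for c in value if c.isdigit())  # same number, any formatting
    stream = iter(_digest(field, digits))  # 32 bytes: supports up to 32 digits
    return "".join(str(next(stream) % 10) if c.isdigit() else c for c in value)

def mask_name(field, value):
    """Pick a realistic stand-in name, always the same one for the same input."""
    return FAKE_NAMES[_digest(field, value.lower())[0] % len(FAKE_NAMES)]

def mask_email(field, value):
    """Replace the address with a stable pseudonym on a reserved example domain."""
    return f"user{_digest(field, value.lower()).hex()[:10]}@example.com"

# Policy: which columns are sensitive and how each one is transformed.
POLICY = {"account_no": mask_digits, "name": mask_name, "email": mask_email}

def mask_rows(rows):
    """Return masked copies; columns without a policy entry pass through unchanged."""
    return [{k: POLICY[k](k, v) if k in POLICY else v for k, v in row.items()}
            for row in rows]

# Constructed sample data: two related sources that share account_no.
CUSTOMERS = [
    {"account_no": "4471-2290-18", "name": "Priya Shah", "email": "priya.shah@corp.example"},
    {"account_no": "9035-1187-42", "name": "Tom Okafor", "email": "t.okafor@corp.example"},
]
ORDERS = [
    {"account_no": "9035 1187 42", "item": "router", "total": 129.0},
    {"account_no": "4471-2290-18", "item": "switch", "total": 310.5},
]

if __name__ == "__main__":
    for row in mask_rows(CUSTOMERS) + mask_rows(ORDERS):
        print(row)
```

Because the transformation is keyed and deterministic, joins between the masked tables still work, but anyone holding the key can test guesses against masked values, so the key needs the same protection as the original data.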
