Whether we like it or not, the business landscape has changed – permanently. With COVID-19, we have seen the rapid decentralization of premises-based organizations and an accelerated push to the cloud. More businesses are undergoing the process of digital transformation with more teams working from home than ever before.
Despite the disruption to business, one industry that continues to thrive is cybercrime and large data breaches continue to dominate headlines. Shifting to the cloud means expanding the landscape for data breaches to take place. And as many organizations have discovered, the impact of a data breach can be costly – data loss, fines, reputational damage, and lost revenue are just some of the costs that can add up to $3.86 million, which is the current global average cost of a data breach. More painful for some, is the loss of revenue from previously loyal customers suddenly disappearing.
While your risk officer will no doubt be occupied with ensuring compliance measures are in place to meet the requirements of data privacy laws such as the CCPA, HIPPA, and the GDPR, it’s not just your risk team that needs to be concerned about data security. With the shift to the cloud, data loss prevention needs to take central focus across the organization and form an essential part of the digital migration process.
Transparency, communication, and training are all paramount, but the responsibility of protecting data in the business itself needs to shift.
“It’s crucial for data to be secured before it travels from the business into unprotected waters,” says Virginia Mushkatblat, CEO of Nevada-based data protection software firm HushHush. “And that’s why the responsibility of protecting data now lies with Developers and DevOps teams.”
Employing a data protection method such as data masking as soon as production data enters the development cycle ensures that data is secured before it travels downstream or outside the business. And while the initiative for data protection lies on compliance professionals, developers are better positioned to integrate data protection measures with the development lifecycle.
“A typical enterprise has huge volumes of personally identifiable information (PII) and sensitive data sitting in non-production environments, which are used for analytics, testing, and QA. In many instances, this information is shared with third parties, emailed to colleagues and even saved to desktops where protective measures cannot reach,” explains Virginia. “Masking early mitigates this risk.”
Data masking (also known as anonymization, obfuscation, and de-identification) is the process of locating and categorizing sensitive data and masking sensitive elements to prevent unauthorized usage. This form of data protection is a proven format-preserving method of data protection that delivers secure data for development and testing without putting customer data at risk. Most importantly, masked data retains its referential integrity, so the data’s value to the business remains unchanged.
“With GDPR, CCPA, and tighter enforcement, data masking is no longer considered a ‘nice-to-have.’ Data masking works with algorithms and metrics dictated by the GDPR,” elaborates Virginia.
Automated data masking as part of the early development process enhances security across your organization – therefore minimizing data risk, and ultimately protecting your business. It also fulfills the requirements of laws like GDPR and HIPAA.