A new addition to basic human rights: Data privacy
Data privacy has become a basic human right. With data breaches on the rise and tough new legislation such as the EU’s impending General Data Protection Regulation (GDPR), data protection needs to be the number one mandate for companies today.
Too often companies have to balance data protection risks with the pressure to move fast. GDPR tips the scales towards data privacy, meaning global businesses have to rethink how they provide secure access to data throughout their organisation, says Jes Breslaw, director of strategy, EMEA at Delphix.
We recommend the following tips for businesses when it comes to securing data:
- Start learning about DataOps – Companies should be investigating the idea of DataOps. This approach assigns dedicated people and tools to manage and secure data across an organisation. DataOps enables data operators to know exactly what data is where, to be able to secure (mask) data that is sensitive, and to ensure that data consumers still have access to the data they require, when they need it.
- Govern data access – DataOps and Dynamic Data Platforms enable you to centrally control all non-production copies of your data and mask data at the same time. Data operators can manage who has access to what data, for how long, and when. Data consumers can access and use data independently, while administrators retain full control over masking, privileges and physical resources.
- Treat all data equally – Most security teams focus on the protection of data in a production environment, but the same budgets and security are often not afforded to non-production copies of data that are used in test, reporting, training and analytic systems. The danger is that non-production data represents approximately 80% of an organisation’s total data and its most vulnerable attack surface. By treating non-production data as you would production data, you can mandate policies that reduce the risk of data breaches in all environments – production and non-production.
- Use technology shortcuts – The deadline for compliance with GDPR is 25th May, and you will never protect all your sensitive data in time by doing things the same way you always have. Modern data masking solutions have database profiling tools that scan tables and fields to detect confidential information such as email addresses, credit card numbers, or patient records. Some even recommend masking algorithms, which dramatically cuts down the time it takes to build and enforce data masking.
- Stop reinventing the wheel – Define security policies once, rather than in siloes or at the project level, and if possible apply them everywhere. Set enterprise security policies to ensure that the right data is protected using the right controls and masking algorithms. Policies must then be applied consistently, regardless of the data source, to support compliance with regulations such as HIPAA, GDPR, and more.
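The profiling step described in the technology shortcuts tip can be sketched as follows. This is an added example, not code from the article or from any vendor's product: it samples each column of a constructed SQLite copy, classifies values by content rather than by column name, and returns a suggested mask. The table, column names, threshold and mask suggestions are assumptions.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
CARD_RE = re.compile(r"^\d(?:[ -]?\d){12,18}$")  # 13-19 digits, optional separators
# Mask suggestions are assumptions made for this example.
SUGGESTED_MASK = {"email": "synthetic address", "card_number": "format-preserving token"}

def luhn_ok(text):
    # Payment-card checksum; filters out digit strings that merely look like cards.
    total = 0
    for i, d in enumerate(int(c) for c in reversed(text) if c.isdigit()):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    text = str(value).strip()
    if EMAIL_RE.match(text):
        return "email"
    if CARD_RE.match(text) and luhn_ok(text):
        return "card_number"
    return None

def profile_database(conn, threshold=0.8, sample=1000):
    """Return {(table, column): (kind, suggested_mask)} for sensitive columns."""
    findings = {}
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        for col in [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]:
            rows = conn.execute(f'SELECT "{col}" FROM "{table}" '
                                f'WHERE "{col}" IS NOT NULL LIMIT ?', (sample,)).fetchall()
            kinds = [classify(r[0]) for r in rows]
            for kind in SUGGESTED_MASK:
                # Flag the column when most sampled values match one kind.
                if rows and kinds.count(kind) / len(rows) >= threshold:
                    findings[(table, col)] = (kind, SUGGESTED_MASK[kind])
    return findings

def build_sample_db():
    """Constructed non-production copy; every value is made up for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, contact TEXT, pay_ref TEXT, order_ref TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
        (1, "Alice Example", "alice@example.com", "4111 1111 1111 1111", "1234567890123456"),
        (2, "Bob Example", "bob@example.org", "5555555555554444", "1000000000000001"),
        (3, "Carol Example", "carol@example.net", "4012-8888-8888-1881", "2222222222222222"),
    ])
    return conn
```

The `order_ref` column holds 16-digit values that fail the Luhn check, so it is not reported even though it matches the card-number shape.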
The author of this blog is Jes Breslaw, director of strategy, EMEA at Delphix.