How to Stay Agile and Compliant with Format-preserving Protection for Analytics
Cloud-based analytics offer a truly transformative opportunity for global organizations. By extracting insights from data, they are already helping companies better serve their customers, improve operational efficiencies and make better business decisions. It’s a fast track to higher revenue, lower risk, improved productivity and enhanced customer retention. Yet when data is stored and managed in large volumes, significant risks are involved, not least in compliance terms.
Compliance officers might think the best way to solve these problems is by forcing project owners to anonymize or mask their data or even not use sensitive data at all. Of course, this would defeat the purpose of data analytics. Instead, organizations can be more innovative by applying format-preserving data protection.
A patchwork of regulations
The EU General Data Protection Regulation (GDPR) moved the dial on data protection laws when it was introduced in 2018. It applies extra-territorially, meaning organizations outside the bloc must follow its rules if they process data on EU citizens, and it has since spawned numerous copycat laws across the globe. It granted consumers (data subjects) new powers over their personal information and placed new, at times onerous, obligations on data processors. Hefty potential financial penalties of up to €20m or 4% of global annual turnover were intended to make boardrooms sit up and take notice.
Similar laws worldwide have followed suit, just as the California Consumer Privacy Act (CCPA) has inspired legislators in other US states. But that means a patchwork of regulations that global organizations must navigate if they want to tap the benefits of cloud-based analytics without risking severe penalties. Data on customers, partners and employees must be adequately protected as it flows across different databases and applications on-premises and into the cloud. Only a comprehensive and continuous audit of this entire data landscape will do.
Yet the challenge is that each new tool added to the IT infrastructure will increase complexity and demand more personnel and time to manage audits successfully. And many data protection approaches fail because they don’t have continuous visibility and control in cloud environments or across all data types.
Data-centric security offers a more intelligent way to manage the compliance challenges related to cloud-based data analytics. There are three primary goals:
- Put your data warehouse and analytics environment out of scope for PCI DSS. This would help to reduce associated costs. (A comforte customer reduced security compliance scanning by 30%.)
- Ensure that your data warehouse and analytics environment comply with privacy regulations such as GDPR. This would help to reduce project risk and accelerate the adoption of new tools and technologies.
- Ensure that any privacy solution you deploy is sustainable and future-proofed. This would help to speed time to market and the enrolment of new applications for future projects. It could also reduce costs if capabilities are consolidated on a single vendor. (A comforte customer simplified its security architecture, with the associated benefit of 16.8m).
To achieve this, organizations must look to technology vendors like comforte, which offers:
- Continuous discovery of sensitive data, no matter where it is
- A variety of end-to-end format-preserving protection methods (e.g., tokenization, format-preserving encryption), which ensure data can still be used in analytics projects
- A single, unified solution which enables the centralized management and enforcement of policies for all current and future projects and applications
- Simple, streamlined integration of any data source, ensuring data is safe not just at rest and in motion but also when it is used or shared
The key is to apply data-centric security before data is ingested into cloud analytics systems by first discovering all data, identifying sensitive elements and then adding protection. This means no sensitive information will be stored in the cloud, and compliance risk is minimized. With technology like comforte’s platform, organizations have the agility to optimize their use of data without running the risk of non-compliance—not just today but as technology and regulations evolve over time.