Today, data is essential to companies’ success, yet, at the same time, it is incumbent on them to ensure the privacy of that data.

By Sam Rehman, SVP, Chief Information Security Officer at EPAM Systems, Inc.

Data has become the currency of the modern world, with companies collecting around 2.5 quintillion bytes daily, helping them improve operations, optimize marketing efforts and boost functionality. And despite the grumbling of consumers concerning these data collection practices, the collection undeniably enhances the customer experience. Nevertheless, as businesses’ insatiable desire for data grows, data privacy becomes an ever more significant responsibility. While data is connected closely to an organization’s success, the organization also must be a good steward of its customer and partner data, particularly in light of increasing regulations from various governmental agencies across the globe.

Understanding the Data Loop

A fundamental aspect of securing customer and partner data is developing a firm understanding of one’s data loop. Not to be confused with the data paradox, which merely points out an observable reality, the data loop details the actual data lifecycle. It begins with a company capturing data, standardizing it, providing access, feeding analytics to drive insights, and finally closing the loop by operationalizing those insights into the frontline business processes. This loop allows companies to think critically about data usage, business priorities, and – most importantly – how data is part of a connected ecosystem.

With more data moving into the cloud and the demand for raw data increasing, businesses must ensure data remains secure throughout the data loop. When sharing data, companies mustn’t jeopardize their customers’ privacy. Data leaks and breaches could result in reputation deterioration and the loss of customers. Moreover, companies must take a sophisticated approach to compliance as there is the risk of legal penalties from the growing global regulatory environment. By establishing a thorough understanding of the data loop, businesses can see where their information travels, who touches it and how it gets used – helping them maintain data privacy and security from capture to deletion.

Applying the Right Tools to Data Security 

Alongside a close examination of one’s data loop, various tools and strategies can support data security and privacy protection. Two major ideas in the data security conversation are anonymization and synthetic data. Data anonymization is a form of privacy protection that removes personally identifiable details from data sets, enabling the customer or person to whom that data is connected to remain anonymous.

Synthetic data is a data set generated through computer programs that match the semantics of the original data set, not based on documentation of real-world events. These synthetic datasets permit a company to run tests without the fear of exposing their customers’ personal information, protecting against fraud and other security threats. Similar to synthetic data is tokenization, which is a process that exchanges sensitive data for non-sensitive tokens. These tokens, unlike encrypted data, are undecipherable. Likewise, they retain some aspects of the original data, like length and format, allowing organizations to use them in various operations without the risk of endangering the original sensitive data.
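To make the tokenization idea concrete, here is an added example (not from the article or from EPAM) of a vault-style tokenizer whose tokens keep the length and format of the original value. The `TokenVault` class and its `keep_last` parameter are hypothetical names, the in-memory dictionaries stand in for a hardened vault service, and the card number is a constructed sample value.

```python
import secrets
import string


class TokenVault:
    """In-memory stand-in for a token vault (hypothetical, for illustration)."""

    def __init__(self, keep_last=4):
        self.keep_last = keep_last   # trailing characters left in the clear
        self._by_token = {}          # token -> original value
        self._by_value = {}          # original value -> token

    def _candidate(self, value):
        cut = max(len(value) - self.keep_last, 0)
        out = []
        for ch in value[:cut]:
            if ch in string.digits:
                out.append(secrets.choice(string.digits))
            elif ch in string.ascii_lowercase:
                out.append(secrets.choice(string.ascii_lowercase))
            elif ch in string.ascii_uppercase:
                out.append(secrets.choice(string.ascii_uppercase))
            else:
                out.append(ch)       # separators stay, so the format survives
        return "".join(out) + value[cut:]

    def tokenize(self, value):
        if value in self._by_value:  # same input always maps to the same token
            return self._by_value[value]
        cut = max(len(value) - self.keep_last, 0)
        if not any(c.isascii() and c.isalnum() for c in value[:cut]):
            raise ValueError("nothing to replace; token would equal the value")
        for _ in range(100):         # bounded retry if a random token collides
            token = self._candidate(value)
            if token != value and token not in self._by_token:
                self._by_token[token] = value
                self._by_value[value] = token
                return token
        raise RuntimeError("token space exhausted for this format")

    def detokenize(self, token):
        # The token is random, not derived from the value: only a vault
        # lookup maps it back, so vault access is what must be controlled.
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111-1111-1111-1111"     # constructed sample value
    print(card, "->", vault.tokenize(card))
```

Downstream systems can store, join on and validate the format of the token, while only callers with vault access can recover the original value.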

Other useful tools and resources for maintaining data security are data catalogs and scanners, which can help with lineage and locating data in the larger data ecosystem. Data marketplaces are also quite valuable, as they can assist data engineers and scientists when attempting quick search and discovery for available tools and solutions. However, it’s crucial to establish standard tooling procedures to prevent data breaches from misuse or inconsistency.

The Role of Data Governance in Security 

Robust data governance is just as essential to security as tools like tokenization and anonymization. The reality is that no solution can give a business perfect data protection or a 360-degree view of all data; only through data governance can organizations fill in the gaps and minimize errors and threats. The more knowledge a business has of its data, the better it will understand privacy and classifications, empowering the company to respond to emerging needs quickly and effectively.

A company can’t protect data it doesn’t understand, which is why data governance and mapping are central to understanding different data domains. Likewise, strong data governance can enable a business to answer data questions, such as the location of the data, how one gets access and how to copy it while maintaining security. Data governance is also critical to defining distinct data types and how each differs from other sets. Being able to rapidly and accurately answer these questions accelerates business processes.

Unriddling the Data Paradox 

The data paradox, and the challenge it presents, will not be an issue for businesses that avoid shortcuts with data security. Hiring the right people and creating well-defined responsibilities are vital. Security capabilities must be more than an afterthought or something that gets added retroactively to a platform or internal systems – they must mature together. Ultimately, those companies that do not rush their data governance implementation will effectively protect customers’ data and minimize penalties from regulators, having a positive ripple effect on other aspects of the business.

About the Author

Sam Rehman is Chief Information Security Officer (CISO) and Head of Cybersecurity at EPAM Systems, where he is responsible for many aspects of information security. Mr. Rehman has more than 30 years of experience in software product engineering and security. Prior to becoming EPAM’s CISO, Mr. Rehman held a number of leadership roles in the industry, including Cognizant’s Head of Digital Engineering Business, CTO of Arxan, and several engineering executive roles at Oracle’s Server Technology Group. His first tenure at EPAM was as Chief Technology Officer and Co-Head of Global Delivery.

Mr. Rehman is a serial entrepreneur, technology expert and evangelist with patented inventions in software security, cloud computing, storage systems and distributed computing. He has served as a strategic advisor to multiple security and cloud companies, and is a regular contributor in a number of security industry publications.

Sam can be reached on LinkedIn and at our company website: https://www.epam.com/.

Source: www.cyberdefensemagazine.com