How to secure data in a “need to share” business environment

0

For decades, data was siloed and locked down, and there was little reason to access this valuable asset, let alone share it. As such, data security was a relatively simple process: secure the perimeter of where the data was stored, limit who could access the data, and delete it after your legal obligation to retain it expires. This method of data security is commonly referred to as a “need to know”. Data has only been shared in a limited set of circumstances.

But the cloud has changed everything. Cloud analytics has made the task of extracting insights from data much easier. This means that data is no longer sequestered in a database, but flows through the analytics pipeline and is shared across the organization. As a result, methods must evolve to enable data movement while protecting it at all times. Enter a “need to share” approach to data security. Let’s take a closer look at what this means.

The change in data security methods

A need-to-share approach recognizes the value of data and affirms that sharing it is a natural part of its existence. Data protection methods should promote access to a wider group of stakeholders and significantly reduce the risk of sharing within the organization. Gartner notes that 30% of companies implement data protection methods necessary for sharing by 2025.

A need-to-share approach increases the risk of data exposure – as soon as you move data from a secure location, expand access and share it with multiple parties. But in today’s business environment, data analytics is necessary to retain market share. Organizations need to reevaluate how they protect data to reduce risk and enable the many benefits of data analysis and sharing.

It is also important to note that business access to data, especially customer data, is more important than ever. Technology enables greater interaction with customers, allowing organizations to access personal information, preferences, shopping habits, and more. Along with this access, we are seeing an increase in international privacy regulations (GDPR) and national privacy laws (such as CPRA, which will replace the CCAC in 2023). Thus, data protection in an environment of need to share goes beyond business advantages: it is also a legal obligation.

Data Sharing Protection Methods

In an environment of need for sharing, good data hygiene should be a top priority. This means protecting it in a way that reduces the risk as much as possible. It is a complex process that must begin as soon as an organization acquires new data. The following techniques are essential to enable a need-to-share approach to data protection.

  • Assign value, risk, and access. Whether generated internally or acquired from a customer, determining the value of data to the business is essential. Not all data is created equal and risk-reward ratios vary. How the data is used – or not – will be determined at this stage, as well as the methods of protection (more on this later). It is also important to decide early on who can access the data.
  • Protect data based on value and risk. Not all data will require analysis and should simply be stored and relegated to traditional perimeter security. For this data, deploy masking techniques, which mask data values ​​that cannot be inverted. But data deemed worthy of analysis is more valuable and carries a higher risk if exposed. When it enters the analysis pipeline, apply tokenization, which also renders the data unreadable but allows a privileged few to access it.
  • Enable data sharing. Personally identifiable information (PII) is at its highest value and at its highest risk. To share personal information, use modern data protection methods called privacy enhancing computing (PEC) capabilities. These techniques use encryption to conceal data values ​​while in transit and allow data processors to analyze that data without exposing it. This method allows multiple parties to collaborate and extract even more information and value without compromising confidentiality.

The stock of data is skyrocketing, as is the importance of sharing it. To fully embrace a need-to-share approach to data security, organizations must evolve their security framework to protect data from creation to use. By doing so, they will find themselves in a position to unlock the full value that data has to offer.

This article originally appeared in Forbes.

The post How to Secure Data in a “Need to Share” Business Environment appeared first on Baffle.

*** This is a syndicated blog from Baffle’s Security Bloggers Network written by Ameesh Divatia, CEO and Co-Founder. Read the original post at: https://baffle.io/blog/how-to-secure-data-in-a-need-to-share-business-environment/

Share.

Comments are closed.