It is the year 2020, and enterprises are investing heavily in privacy programs. Motivated by regulatory pressure (for instance, the European Union’s General Data Protection Regulation and the California Consumer Privacy Act), chief privacy officers (CPOs) are leading initiatives related to information discovery, data protection, privacy enforcement, and compliance reporting.
Working as the chief strategy officer for a company that conducts safety assessments and penetration testing, I have found that one basic issue in making enterprises privacy-aware is that data is fluid — it moves across the enterprise, and new information is introduced all of the time.
How can an enterprise ensure the protection of sensitive and personal data in a dynamic environment?
Many organizations have a lot of sensitive information in one place, with many different access points. Mitigating controls include utilizing the data as disclosed and for the purposes for which it was gathered, in addition to implementing controls. One simple model that may be applied to many different enterprise information scenarios is to consider that the level of privacy risk at any given point in an enterprise is directly proportional to the concentration of sensitive information at that point and the amount of access available there. It is also inversely proportional to the level of information protection functioning at the same point.
Plainly stated, the point of lowest risk is where there is little sensitive data, limited access, and lots of protection. Conversely, risk is dramatically higher where there is a lot of sensitive data, a high degree of access, and little data protection. The latter describes the big data world for enterprises.
Solutions (and countless dollars in investment) that focus on data discovery, classification, masking, tokenization, and access control can help to reduce a company’s risk profile, but they are simply insufficient. The reality many enterprises face is that while sensitive information in core systems is often well protected, the same sensitive data ends up in big data platforms where it’s indexed and aggregated to support an almost infinite number of use cases: customer support, data analytics, artificial intelligence, security analytics, sales and marketing, revenue optimization, research and development, etc.
Big data indexes can’t be encrypted or concealed, because concealing and encryption break the indexing procedure. Data in use in these systems stays in clear text, since it is sliced and diced to support essential business objectives. Enterprises shield this information with best-in-class access control measures, but these may fall short.
While administrators are some of the most skilled and trustworthy professionals in the technology business, even the most experienced admin is prone to natural human error. Inadvertent misconfigurations have led to the loss of billions of sensitive data records over the last couple of years. Finally, a significant quantity of enterprise analytics is conducted in the cloud through software as a service (SaaS) platforms. Regardless of the granular access controls set up by an organization, cloud providers will necessarily have access to sensitive information flowing through their backend systems.
With critical company operations now being driven by big data, and with privacy at the same time being top of mind for both end customers and enterprises, the time has arrived for innovation. How can these platforms be made privacy-aware whilst retaining the critical functions they perform? Or are we ready to accept that the platforms powering the AI and behavior analytics that track our other crucial systems should themselves be vulnerable to privacy violations and data breaches?
The business needs a data solution that’s private and secure by default for in-memory search results, even when aggregated and even when shared between different applications.