Stricter data protection will soon take effect in the EU. This can be implemented by masking personal data, for which data ops platforms are particularly suitable.
At the beginning of the year, Meltdown and Specter, two security gaps in processors, demonstrated how much the security of private data can be at risk. Updates help at short notice. In the long run, companies can only have a complete security concept that also deals with how their own business can be brought into line with existing and future laws. The focus is currently on the EU General Data Protection Regulation (GDPR), which will be binding for all companies from May 25, 2018.
The GDPR standardizes the data protection of personal data of EU citizens. The regulation regulates the handling of personal data such as user names, IP addresses, GPS coordinates, telephone numbers, credit card numbers or user behavior data more strictly. The person concerned is the data owner who must expressly consent to data processing by a company in the future. Every EU citizen has the right to withdraw their consent. If the GDPR is violated, companies face fines of up to 20 million euros or up to four percent of their annual turnover worldwide.
The Easy Way To Do Business Securely And Legally
Extensive preparatory work for automated data management
Surveys suggest that those responsible for IT and compliance fear above all the effort required to achieve GDPR-compliant data handling. A lack of problem awareness paired with ignorance about the regulation also prevents many companies from taking concrete measures.
However, a company cannot avoid the effort of clarifying where its data is and who is accessing or can access it. The next step is to organize the interaction of users, processes and technologies in such a way that business interests and legal requirements are equally protected. Ultimately, a fast, automated and secure data management should be created. DataOps technology offers a promising approach for this. This is a technology that enables data from various sources to be provided very quickly and, if necessary, in a secure manner – for application development or cloud migrations, for example.
Create virtual data copies
A DataOps solution such as the Delphix Dynamic Data Platform is installed on the common virtualization platforms (hypervisors) and creates virtual data copies from databases such as Oracle, SQL Server, DB2, mySQL or Sybase, but also applications. Standard interfaces integrate the various data sources. The synchronization of the virtual data environment with the productive data takes place incrementally, i.e. only the changes in the data source are transferred to the compressed data copy.
The GDPR explicitly names encryption and pseudonymization of data as legitimate procedures to adequately protect personal data. If a company demonstrably applies one of the procedures, the right of withdrawal of the data owner expires. DataOps platforms have libraries that show where sensitive data is stored in the company’s IT. The technology identifies the information that falls under the GDPR and implements necessary measures in the business processes.
Masking and multiple copies
Masking tools are used to pseudonymize data in order to change personal information. The original file format is retained when masking. Assignment to a person, i.e. deciphering, is then only possible with additional information and resources. However, the GDPR stipulates that this information must be stored separately. This is the only way to protect masked data in the event of theft or loss.
The successful masking of data in production systems marks an intermediate step. If the productive data changes, this has consequences: A company must then make a corresponding copy of the protected data available to the other business areas. What sounds harmless at first, turns out to be a demanding task on closer inspection: Over 90 percent of all internal company data is based on copies that are used for secondary applications such as software development and testing, reporting, analysis and backups. Masking these copies individually would be an immense effort. Modern platforms mask all necessary data in one go and then provide multiple masked copies for the different users,
Secured business interests
Masking with a DataOps platform offers companies the opportunity to align their own business faster, easier, more cheaply and in accordance with the GDPR. The DataOps technology also enables companies to develop a better feel for their data. This is also important in our strictly regulated and data-driven world. In this, the coordination of IT security, data protection and business interests decides whether someone will achieve success in the future or let others pass by.