By Brian Pennington, Liaison Technologies
According to a survey by GreenSQL, more than 65% of businesses do not protect their customers’ private data from unauthorised employees and consultants.
The results are interesting because every day we hear of another data breach or another form of malware which can steal data, or at least damage it. You would think that with this amount of coverage businesses would sit up and start protecting their livelihood, because that is what customer information is: their livelihood.
Maybe it is bad news fatigue? Maybe the constant flow of horror stories makes them think that they cannot do anything about it so why bother?
I can understand the sentiment on a personal level. I do not wear a Kevlar jacket and carry pepper spray when I walk my dogs on a cold dark winter evening on the distant chance I might be mugged.
However, businesses cannot escape their contractual commitment to protect credit card data under the Payment Card Industry’s Data Security Standards (PCI DSS), and they cannot escape the legislative requirements to protect Personally Identifiable Information (PII), for example the Data Protection Act and the pending European Wide Data Protection Act.
The survey results fall into three categories:
1. Ignore. 65% take no preventative measures
2. Think about it. 23% use masking techniques only in non-production environments, such as dummy data and scrambling
3. Try. 12% deploy dynamic data masking solutions on their production environments
I suspect that those who indicated that they deploy technologies to mask data are talking about credit card data, where all payment applications are governed by the Payment Card Industry’s PA DSS standard, but it should be applied to all sensitive data that could cause financial or reputational damage to anyone: customer, employee or contractor.