It’s Time to Close the Gap on Security and Innovation to Fix Australia’s Data Breach Problem
Despite increased pressure from regulators and businesses investing heavily in data security, enterprise leaders are still facing challenges in understanding and responding to data breaches. Breaches continue to occur at an alarming rate, especially in Australia. There were a total of 245 reported between April to June of 2019 under the Notifiable Data Breaches (NBD), according to the Office of the Australian Information Commissioner (OAIC). As the numbers show, even with the pressure of legislation breaches are continuing to occur at the same rate as before with relentless consistency. So why isn’t the current approach to data security working?
The truth is you can’t stop data breaches—they’re inevitable. If you’re a modern company operating in today’s digital age, applications sit at the heart of your business. While building software and applications opens up new opportunities for companies, it also brings about new challenges and a lot more complexity. Building software requires developers to have access to high-quality test data in non-production environments for developing, testing, and reporting. But security challenges are then amplified because non-production environments are almost always replicas of production environments that contain real data, including confidential information about the organisation, employees, and customers.
Security and Innovation: Better Together
Security is often thought to be at odds with innovation, particularly given the rate of advancement that many organisations are trying to achieve through DevOps. With consumers’ demand for a near-constant cycle of updates and developments more in line with their needs, security can be seen to be more of a hindrance than a help in the race to innovate.
But businesses can’t enable data-driven transformation while neglecting data security. Developments in legislation and regulation mean any business that innovates at the expense of security, putting sensitive consumer data at risk, will be heavily penalised through the likes of NDB in Australia and global initiatives like GDPR, as well as potentially having their reputation blemished. Rather than prioritising simply speed, businesses can implement processes that better manage data to reduce risk.
Freezing Innovation – or Thawing it?
While you can never get to zero risk, masking your data minimises your risk of a harmful breach by strengthening data security controls that ensure only the right people have access to sensitive data while still allowing innovation to continue at a fast pace. Should any data fall into the wrong hands, its potential for malicious use is drastically reduced without actual access to sensitive information.
The solution to minimising risk lies in one’s choice of data masking techniques. Shuffling, for example, results in data that’s anonymised but doesn’t provide insight as it can’t be used in development. Obfuscation, on the other hand, is a better alternative as it allows software development teams to use secure data in their delivery pipeline with speed and efficiency.
As organisations look at the rising data breach casualties around the country, they may be tempted to go into “lock-down” and curtail, or even reduce, their digital footprint. That in turn certainly leads to limping behind competitors because of the lack of innovation. Rather than just moving fast and breaking things, businesses can move fast and responsibly with effective data management and security practices.