Cost of Compliance - The New Economics of Data Masking
In our last blog, we highlighted the major data roadblocks facing banks on the journey to effective compliance reporting; security and delivery. This blog focuses on the importance of securing data through Data Masking and contains a real-life example of how such secure data reduces the back-office costs of banks.
Cyber criminals target banks as a priority because 'it's where the money's kept'. Banks like yours are increasingly secure, yet reports by UK banks revealed a 1400 percent increase in cyber-attacks over the last two years. Securing data and sending the right data on request may seem at odds. Our own independent research found 81 percent of European bankers see data security as a challenge throughout the compliance journey.
IT Security tools are not enough
Our experience with Banker 500 companies is the real issue is often unsecured sensitive data residing in non-production environments like testing and reporting rather than production. Some seek to get around these issues with tech such as encryption or data loss prevention (DLP) technologies. These are necessary for data in transit, but not once the data is actually in use.
Data Masking has a key part to play along the road to compliance. Today's enterprise-grade masking replaces sensitive, Personally Identifiable Data (PID) such as social security numbers, credit card numbers, names, addresses and replaces that data with realistic dummy data.
By masking data early, before it is sent to downstream, or to outsourced environments, sensitive information is removed. So even if the systems were to be breached, the data would be useless.
Lower cost, better security
Data Masking has evolved out of intensely manual and traditionally expensive custom scripts written by trained programmers intimately familiar with often bespoke systems. This is the 'Rolls Royce' approach. What's needed is a very reliable and affordable Ferrari.
Some 59 percent of European Bankers have told us they find Data Masking troublesome because heritage masking technology requires data to be cloaked separately on every application. By contrast, easy-to-use data virtualization means only a single physical copy is masked, with masked virtual copies delivered wherever needed. So your large data sets are masked cost-effectively and super-fast.
Now, with dynamic Data Masking, banks can select all the data they need, masking the data just once and deliver it many times. Repeated Data Masking projects are eliminated and compliance teams can access full, up-to-date and protected data sets within minutes, not months.
GDPR - a real life example
A real-life Data Masking example may help. We are working with a large Northern European bank who embarked upon a six month project to mask all of its sensitive data in preparation for the new EU General Data Protection Regulations (GDPR), perhaps the most comprehensive data mandate to appear in a generation.
Masking nearly 10,000 data sources used by 128 applications would have taken over two years using heritage technology and process. With our help, the bank automated much of the Data Masking and delivery process and met the timeline requirements, saving significant service and storage costs.
Now GDPR compliant, the bank can provide masked data anywhere in the business within hours, rather than days. The bank is now more agile as a business and with more time to spend on innovation.
Risk and Compliance Managers do not need to forgo security as they rush to meet reporting deadlines. The economics of Data Masking have now changed allowing its use to streamline the end-to-end process of securing sensitive data. You should be using it.
Our next blog will delve into the challenge of delivering data swiftly and effectively across your testing and reporting teams. Find out how your bank can realise full potential Delphix Data Masking.