It is no secret that companies are migrating to the cloud as never before. In O’Reilly’s annual Cloud Adoption Survey, 90% of respondents indicated they used the cloud. In fact, 20% said they planned to move all applications to the cloud in the coming year.
Unfortunately, cloud data security is often an afterthought for many businesses. This has been especially true since the pandemic forced companies to adjust quickly to a remote workforce. As a result, many well-intended companies are creating wide swaths of cloud vulnerabilities that come at a hefty price tag — the average data breach costs companies $3.8 million.
While the threats are real, scare tactics do not seem to generate enough motivation to advance security up the priority queue. So let’s consider a different approach to gain buy-in. What if security leaders presented data security through the lens of value and scale? Forget about what a data breach costs for a moment and focus instead on the data’s value — and on the importance of protecting that value.
Data is the most valuable non-human asset a business has. According to a McKinsey report, 81% of outperformers invest in data analytics centers, compared to 68% of slow performers. Simply put, those investing more heavily in data analytics are primed to win. Let’s take a look at what happens when an organization views data security as a critical means for unlocking value and creating differentiation.
Fast-tracked data analytics projects
The common assertion is that security slows down productivity. However, I would argue that data security can actually create efficiency. I’ve seen firsthand instances where large, well-known companies have stalled important data analysis projects — which occur in the cloud — for more than a year because they haven’t determined how best to secure data during migration and throughout the analytics process. The result of the delay is that the rich insight of the data analysis remains locked.
While data has always been valuable, the data collected in the last year will reveal a wide range of unprecedented insights. The business world was turned upside down due to the pandemic, and organizations had to quickly adjust how they operated and reacted to new customer needs. This new information will allow companies to glean areas of success — including things they could improve upon and trends that will help them create market differentiation.
But before that can happen, data must be protected.
Traditionally, companies have placed a great deal of emphasis on keeping cybercriminals out by “protecting the perimeter.” But with remote workforces working in the cloud, there is no single perimeter — there are thousands of perimeters emanating from the disparate home networks and devices employees are working on. Vulnerability points have exponentially multiplied.
So employing the most effective data protection plan for a data analytics project requires a new approach that protects data at the file level. With so many more entry points for cybercriminals — who are growing more bold and sophisticated — organizations should be working under the assumption that it is a matter of “when,” not “if” a breach will occur. This is especially true for cloud data, where companies are prone to choosing deployment speed over sound security practices.
When each piece of data is individually protected in a manner that renders it unreadable, organizations have the power to neutralize the threat of an eventual breach. Unreadable data is of no value to the person attempting to exploit it. This is not to say that traditional security methods should be abandoned, as security requires a 360-degree approach. But forward-thinking companies understand that significant data analytics projects must include advanced data protection that extends beyond building a fortified wall.
Deployment of the right data protection methods
How do businesses overcome security challenges to move analytics projects forward? They start with employing advanced data discovery methods to determine what kinds of data they are collecting and, most importantly, their value.
Most data is created in the field — for example, at a doctor’s office, point-of-sale register or banking app. It is unstructured and needs to be organized. Before ingesting it into the cloud for data analytics purposes, companies must identify and classify the sensitivity of the data, as well as its subsequent use. This exercise will determine how much protection each piece of data should have, along with helping to identify what data will move downstream for analytics purposes, what should be stored and what should be eliminated.
The next step is protection. The methods an organization employs to protect data depend on how it will be used downstream in the analytics pipeline. If the data is not to be used in its original state, it should be tokenized, a process that cloaks the data’s characters with new characters but in the same format. For example, in a credit card transaction data scenario, a 16-digit credit card number would be tokenized with 16 random numbers.
Data to be used is encrypted in a way that allows it to be processed. In the credit card transaction example, the customer’s name, the date of the transaction and the amounts would be replaced with ciphertext that can only be decrypted with a key, making this information impossible for anyone without access to read.
From there, privacy-preserving analytics begin to allow data analysis while data is still protected. Using this approach, it would still be possible to determine which customer performed the transactions, with the most value in a certain date range. This is where the real business value emerges, because data can be analyzed while still ensuring it is never exposed in the clear. This completely neutralizes many of the “security disrupts efficiency” arguments. Further, the result of these measures is the confidence of having data security — even in the case of a breach — while moving forward with business-critical data analysis.
The rigors related to securing data will give organizations a better understanding of the breadth of data they have, which can further optimize data analytics projects. Those rigors should not be viewed as a burden, but rather a non-negotiable component in creating a competitive edge.