2019 was a banner year for cybersecurity crime, with hackers targeting consumers, government agencies, and private corporations alike. According to the Ponemon Institute, the average total cost of a data breach is $3.86 million, and 80% of U.S. businesses expect that they will have had a critical breach this year. These numbers are not only sizable; they’re alarming.
Top executives have reason to be concerned. New data privacy mandates such as the EU’s GDPR, as well as the California Consumer Privacy Act (CCPA), which goes into effect in 2020, have increased the burden of safeguarding data.
Balancing Growth in Data Analytics With the Need for Security
One of the newer approaches that company leaders are taking to keep up with the rapid data growth is the use of data lakes—repositories into which they can dump data in its natural or raw format. Previously, enterprises knew in advance what the business needed from the data they were collecting, so they could take the time to design the right data models in their data warehouses or other BI tools. In today’s digital landscape, business needs and markets are changing so quickly that organizations may not know what information they need from their data until the need becomes a present reality. Data lakes enable businesses to be more agile by allowing them to dump all of the raw data into one place and then do ad hoc analytics based on the select pieces of data pulled and what’s needed at that point in time. Data lakes also help to eliminate data silos and provide more flexibility in terms of data models and structure.
However, the reality is that having all that data in one spot can be a magnet for bad actors. The arrival of data lakes has made it more pressing for enterprises to ensure that enough data security controls are “designed in” to these data lakes from the very beginning, according to privacy-by-design principles, rather than retrofitted with firewalls, access controls, and other “perimeter-based” solutions. The best way to ensure security from the beginning is to protect the data itself. Approaches such as tokenization and fine-grained encryption hide only those sensitive fields that need protecting while keeping the rest in the clear, allowing the business to benefit from ad hoc analytics, safely.
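The field-level approach described above can be sketched as follows. This is an added example, not code from the article: the `Tokenizer` class, the field names, and the sample records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Assumption: the data owner decides which columns count as sensitive.
SENSITIVE_FIELDS = {"email", "ssn"}

class Tokenizer:
    """Deterministic, vault-backed tokenizer (hypothetical, not a product API)."""
    def __init__(self, key: bytes):
        self._key = key
        self._vault = {}  # token -> original value; kept outside the lake

    def tokenize(self, field: str, value: str) -> str:
        # Binding the field name into the MAC keeps equal values in
        # different columns from producing the same token.
        msg = f"{field}\x00{value}".encode()
        token = "tok_" + hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
        self._vault[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]  # reachable only with vault access

def protect(record: dict, tokenizer: Tokenizer) -> dict:
    # Tokenize sensitive fields; every other field stays in the clear.
    return {k: tokenizer.tokenize(k, v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}

# Constructed sample records, not real data.
RAW = [
    {"email": "ana@example.com", "ssn": "000-00-0001", "state": "CA", "amount": 40},
    {"email": "bo@example.com", "ssn": "000-00-0002", "state": "NY", "amount": 15},
    {"email": "ana@example.com", "ssn": "000-00-0001", "state": "CA", "amount": 25},
]

def orders_per_customer(lake: list) -> Counter:
    # Equality is preserved, so grouping and joins work on tokens alone.
    return Counter(row["email"] for row in lake)

def spend_by_state(lake: list) -> dict:
    states = {row["state"] for row in lake}
    return {s: sum(r["amount"] for r in lake if r["state"] == s) for s in states}

if __name__ == "__main__":
    lake = [protect(r, Tokenizer(secrets.token_bytes(32))) for r in RAW]
    print(orders_per_customer(lake).most_common(1), spend_by_state(lake))
```

Because the tokens are deterministic, equal values stay linkable across records; low-cardinality fields may call for randomized tokens instead, at the cost of grouping and joins.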
Ready or Not, Regulation Is Underway
Enterprise leaders also need to pay attention to the new regulations that are emerging. For example, CCPA was created to protect the privacy and data of consumers in the state of California. While Californians have greater privacy rights, CCPA at present lacks clarity around methods of protection and the concept of de-identification. Further, the law states that “personal information” excludes “publicly available” information that is lawfully made available by federal, state, or local government records. Yet, how the courts interpret “personal” versus “public” information remains to be seen. One thing is certain: Come January 2020, qualifying organizations in the Golden State will need to fully conform to the requirements or will face penalties, including fines of up to $2,500 per violation, rising to $7,500 per violation if the violation is deemed to be intentional. With each person whose data is breached counting as a violation, the stakes are very high for large organizations serving potentially millions of California residents.