American author and consultant Geoffrey Moore once said: “Without big data, you are blind and deaf and in the middle of a freeway.”
Data is the engine of the 21st century, and is guiding nearly everything – from advertising to policy decisions. But as massive amounts of data are being collected and stored, how can governments ensure it is kept private and secure?
Experts from Micro Focus share three tips for securing data in today’s information age.
1. Take a data-centric approach
In a traditional IT model, organisations manage their security in a layered approach. Data is secured at different levels – in the applications, network layer, databases, file systems, and the data storage systems.
But sensitive data is not secured when it flows between the different layers, creating silos, says Micro Focus. Such an approach is also costly as each layer has its own security solution.
A data-centric approach must be taken, Micro Focus experts say. It encrypts data from the moment it enters the system, ensuring privacy is the default.
Micro Focus’ Voltage SecureData protects the data throughout its entire lifecycle, filling in all the security gaps and silos. Confidential or personally identifiable data is encrypted even when analysts or administrators use it. For instance, credit card numbers will be replaced with a random number in the same length, referred to as a token.
Even when malicious hackers breach databases, such confidential data will not be compromised. The hacker will only get the encrypted data which they can never decrypt, says Micro Focus.
2. Ensure encrypted data retains the same format
Traditional encryption techniques convert information such as birth dates into a long string of letters, numbers and symbols – changing the length and format of the data.
Developers would have to modify the existing database structure and any programs that processed the encrypted data. That is a “mission impossible”, Micro Focus says, as it is extremely time consuming and poses a high risk of compromising on data quality and reliability.
The Voltage SecureData platform keeps data in the same format even after encryption. The software might encrypt the birth date “07/07/1973” by turning it into “04/08/2015”. This retains the encrypted information in a format the database was designed for.
This way, data can easily be used and analysed across multiple applications while keeping confidential data private.
A European insurance company used Micro Focus’ Voltage SecureData platform to address privacy concerns. Rather than storing personally identifiable information in clear text, the company used the technology to de-identify and encrypt the data.
Analysts will only see a customer’s personally identifiable information when they are authorised to do so. This allowed the company to reduce costs by avoiding extensive database development work, and use data analytics with a peace of mind.
3. Automate security controls
As employees work remotely during Covid-19, organisations have lost control over files that were secured on-site, says Micro Focus. This generates new problems especially as private files are accessed from unverified locations or networks.
Micro Focus’ Voltage SmartCipher ties security to the file – so security controls do not lie on the network or operating system. Whenever and wherever the file is used, it is secured.
The solution also helps organisations automate security controls. It identifies certain keywords, scans all the files across an organisation’s environment, and automatically classifies those files.
In addition, SmartCipher’ policies are now applied, making this happen transparently in SecureMail. This means data protection is automated and organisations don’t have to rely on users to protect the right information.
Different actions will be allowed depending on the level of access granted, says Micro Focus. Certain users will only be allowed to read a file, while others will be allowed to edit. If a user tries to open a file without the appropriate controls, all they will see is “meaningless lines” of encrypted data.
The technology also records user activity to give security teams visibility over the entire environment, and alerts them to suspicious activity.
As data continues to take the world by storm, applying the right security controls will allow organisations and governments alike to realise its full potential.