65% of companies expose personally identifiable information
More than 65 percent of businesses don’t protect their customers’ private data from unauthorized employees and consultants, according to a survey of hundreds of IT managers and developers at large organizations conducted by GreenSQL.
With today’s increasingly public use of private information, protecting data resources from security breaches is absolutely crucial. Multiple regulations from organizations like the Payment Card Industry (PCI) mandate that companies in possession of personally identifiable information (PII) protect it from unauthorized access and use.
GreenSQL recently polled IT professionals about the measures they take to prevent developers, QA, DBAs, consultants, outsourced employees, suppliers and application users from having access to sensitive data. The results were surprising:
- 65% take no preventative measures
- 23% use masking techniques only in non-production environments, such as dummy data and scrambling. However, these solutions are expensive, complex and require custom development; moreover, these solutions are not transferrable to other projects.
- 12% deploy dynamic data masking solutions on their production environments.
“Most companies would say protecting customer data is critical to maintaining their business and reputation,” said GreenSQL CEO, Amir Sadeh. “However, something is wrong when we discover that many IT departments are making no masking efforts whatsoever, and others are taking tepid approaches.”
GreenSQL’s Dynamic data masking (DDM) solution applies rules to enforce access, making sure those who need to access certain parts of the sensitive data have it and those who shouldn’t see anything, won’t. It ensures that the data never leaves the database in its original form, preventing information theft. DDM allows real-time masking of sensitive data with no impact on the stored data itself and requires no change in the application’s code.
“Databases are high-quality targets for those engaged in industrial espionage. Many organizations are still vulnerable, which is especially troubling after so many recent attacks. We hope this survey will help companies sit up and take notice of the gaps in their systems and close them.” concludes Sadeh.