Privacy regulations making cloud migration complex
Digital transformation is driving multi-cloud migrations, as 85 percent of organizations use at least two cloud providers for data storage and analytics, while 40 percent use five or more. GDPR, CCPA, and other privacy regulations are making cloud migration and analytics difficult, as 7 out of 10 said the effort has become more complex, a Privacera and Lead to Market survey reveals.
Comprised of 100 executives from Fortune 500 companies, the survey found businesses are experiencing a conflict between a data scientist’s need for quick data access and IT’s need to ensure data security and privacy, as 58 percent felt that access restrictions were impacting the productivity of their analytic teams.
An analytical teams’ productivity is adversely impacted by security requirements, often resulting in a never-ending, and difficult to resolve, stream of IT tickets requesting access to sensitive data. These security requirements are impairing analytics teams from doing their jobs, either by delaying or even denying access to the data necessary for modeling and analytics.
Deploying a layered security approach
While a majority of the survey respondents do utilize IAM technology tools, it was not the only tool utilized to ensure data security. Deploying a layered security approach, some respondents recognized the need to reduce information risk by enabling data analytics with much more granular data access control.
Typically, security tools provide controls at the application, network or end-user layers. Yet, in today’s zero-trust networks that is not sufficient. As recent data breaches have proven, once a bad actor has gained access to the data storage or analytics system – every piece of information stored within is accessible.
This is exactly what happens when IT or security teams grant data science teams blanket access to data – it creates a massive hole in the security perimeter. Worse, it violates the privacy and compliance regulations that were created to protect the personal digital rights of consumers in the first place.
A more granular, more surgical approach is needed, and some survey respondents have adopted additional technologies such as encryption and masking, as well as fine-grained access control and row/column filtering. The fine-grained access control enables an almost surgical level control of data access, enabling analytics teams to access the precise data set they need. No more and no less. This upholds the corporate obligation to adhere to legal requirements, without impeding the productivity of data scientists.
Managing data security and privacy as a corporate imperative
Managing data security and privacy has become a corporate imperative, as organizations look to avoid data breaches and the misuse of personally identifiable information (PII) that can cost millions of dollars in fines and irreparable damage to brand.
Worldwide privacy regulations are creating the need for businesses to not only manage data, but to make it pseudonymized, easy for end-users to erase, and auditable both in terms of location and usage.
However, securing sensitive data across cloud-based repositories is difficult, as 70 percent said managing access in compliance with external or internal governance policies was hard – even after it was identified and classified. Worse, 81 percent were not confident that a request from a past customer to delete all information could be executed when stored in multiple cloud services.
The rise in digital transformation and the trend to migrate and manage data across multiple cloud providers is forcing organizations to think about how they are controlling access to sensitive information. Data access control is a common choice for managing data governance and compliance, but what’s in place today may not be the ideal solution tomorrow. In fact, 70 percent said they would require automated solutions for data governance and access control in the next 1-3 years.