How to Secure Data in a ‘Need-To-Share’ Business Environment
By Ameesh Divatia, CEO and co-founder | April 13, 2022
For decades, data was siloed and locked away, and there were limited reasons for accessing this valuable asset, let alone sharing it. As such, data security was a relatively straightforward process: Secure the perimeter of wherever data was stored, limit who could access the data and delete it once your legal obligation to retain it expired. This method for data security is commonly referred to as “need-to-know.” Data was shared only under a select set of circumstances.
But the cloud changed everything. Cloud analytics made the task of extracting insight from data much easier. That means data is no longer sequestered in a database, but rather it moves through the analytics pipeline and is shared throughout the organization. As a result, methods must evolve to allow data movement while protecting it at all times. Enter a “need-to-share” approach to data security. Let’s take a closer look at what this means.
The Shift In Data Security Methods
A need-to-share approach recognizes the value of data and asserts that sharing it is a natural component of its existence. Data protection methods should support access to a broader group of stakeholders and drastically reduce the risk of sharing within the organization. Gartner notes that 30% of enterprises will implement need-to-share data protection methods by 2025.
A need-to-share approach does increase the risk of data exposure — as soon as you move data from a secure location, expand access and share it with multiple parties. But in today’s business environment, data analytics is necessary to maintain market share. Organizations must reassess how they protect data to reduce risk and enable the many benefits of data analytics and sharing.
It is also important to note that the access companies have to data — specifically customer data — is greater than ever. Technology enables more significant interaction with customers, which gives organizations access to personal information, preferences, buying habits, etc. In conjunction with that access, we see increased international privacy regulations (GDPR) and state-based privacy laws (such as CPRA, which will replace CCPA in 2023). So protecting data in a need-to-share environment extends beyond enabling market benefits — it is also a legal requirement.
Data Sharing Protection Methods
In a need-to-share environment, good data hygiene must be a top priority. This means protecting it in a way that reduces risk as much as possible. It is a complex process that must begin as soon as an organization acquires a new piece of data. The following techniques are critical to enabling a need-to-share approach to data protection.
- Assign value, risk and access. Whether generated internally or acquired from a customer, it is essential to determine data’s value to the company. Not all data is created equally, and risk-reward ratios will vary. How data is used — or not used — will be determined at this point, along with protection methods (more on that later). It is also important early on to decide who can access data.
- Protect data based on value and risk. Not every piece of data will require analytics; data that does not should simply be stored and relegated to traditional perimeter security. For this data, deploy masking techniques, which obscure data values in a way that cannot be reversed. But data deemed worthy of analytics is more valuable and carries higher risk if exposed. As it enters the analytics pipeline, apply tokenization, which also makes data unreadable but allows a select few to access it.
- Enable data sharing. Personally identifiable information (PII) is at its highest value and highest risk. To share PII, employ modern data protection methods, known as privacy-enhancing computation (PEC) capabilities. These techniques use encryption to disguise data values while in transit and enable data processors to analyze that data without exposing it. This method allows multiple parties to collaborate and extract even more insight and value without compromising privacy.
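The first two steps above can be sketched in a few lines of Python. This is an added example, not code from the article: it classifies fields, masks one irreversibly and tokenizes the other so that only an authorized role can recover it. The field names, the role name, the redaction rule and the in-memory vault are all assumptions made for illustration.

```python
import secrets

# Hypothetical policy from the "assign value, risk and access" step.
POLICY = {"account_number": "mask", "email": "tokenize"}
AUTHORIZED_ROLES = {"fraud-analyst"}  # hypothetical role allowed to detokenize


def mask(value: str) -> str:
    """Irreversible: redact all but the last four characters; nothing is stored."""
    if len(value) <= 4:
        return "*" * len(value)
    return "*" * (len(value) - 4) + value[-4:]


class TokenVault:
    """In-memory stand-in for a token vault (an assumption, not a product API)."""

    def __init__(self):
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, value: str) -> str:
        # The same value always maps to the same token, so joins and counts
        # in the analytics pipeline still work on the protected column.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(8)
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def detokenize(self, token: str, role: str) -> str:
        # Only the "select few" can reverse a token.
        if role not in AUTHORIZED_ROLES:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._by_token[token]


def protect(record: dict, vault: TokenVault) -> dict:
    """Apply the policy to every field; unclassified fields are rejected."""
    out = {}
    for field, value in record.items():
        tier = POLICY.get(field)
        if tier == "mask":
            out[field] = mask(value)
        elif tier == "tokenize":
            out[field] = vault.tokenize(value)
        else:
            # Fail closed: data that was never classified is not shared.
            raise ValueError(f"field {field!r} has no classification")
    return out
```

Rejecting unclassified fields is a design choice of this sketch: it forces the classification step to happen before any data enters the pipeline.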
Data’s stock is skyrocketing, as is the importance of sharing it. To fully embrace a need-to-share approach to data security, organizations must evolve their security framework to protect data from its creation to its utility. In doing so, they will find themselves positioned to unlock all of the value data has to offer.
This article originally appeared in Forbes.