Data Masking Addresses the Changing Threat and Compliance Landscape
HPE Security – Data Security is pleased to be recognized in Gartner’s Market Guide for Data Masking, Published: 6 February 2017, Analyst(s): Marc-Antoine Meunier, Ayal Tirosh. As a leading visionary in the prior Magic Quadrant for Data Masking Technology, Worldwide, published: Dec 2015, underpinned by of our 10 year leadership in Format-Preserving Encryption technology that is now a recognised NIST standard, we welcome the new guidance from Gartner analysts Meunier and Tirosh.
The Market Guide defines Data Masking as a technology aimed at preventing the abuse of sensitive data by providing users fictitious yet realistic data instead of real and sensitive data while maintaining their ability to carry out business processes. The Data Masking market has been growing steadily for years, and Meunier expects it to grow even more in 2017, and beyond in our opinion.
The market guidance is timely – new privacy regulations such as the General Data Protection Regulation (GDPR) put additional compliance cost pressure on enterprises around the world. Massive growth in data consumption that is powering the next generation of businesses has to be balanced with the risks of sophisticated attacks to sensitive personal data. The recommendation is to look beyond traditional static masking at the approaches such as those available in HPE SecureData, enabling organizations to build a hybrid data de-identification, pseudonymization, and production protection strategy. This strategy can span traditional databases, cloud, big data ecosystems, data warehouse and mission critical platforms through powerful, dynamic Format-Preserving Encryption that reduces risk, increases data utility, and simplifies compliance.
This important Market Guide comes on the heels of another Gartner publication, How Data Masking Is Evolving to Protect Data From Insiders and Outsiders, published: 28 November 2016, Analyst: Marc-Antoine Meunier. That report has specific recommendations for security and risk management leaders concerned with application and data security. The report advised that organizations should “consider using format-preserving encryption and tokenization. Together, they cover a broader spectrum of use cases and software life cycle phases.”
Format-preserving encryption (FPE) is an encryption technology that protects sensitive data by preserving the data format. It transforms data that is formatted as a sequence of the symbols in such a way that the encrypted form of the data has the same format and length as the original data (e.g., 9 digits for a social security number, 16 digits for a credit card number). Since no changes are needed in the data format, retrofitting to legacy applications is very simple and easy as opposed a conventional encryption that would change the data format and make the integration complex. FPE also preserves the context value, relationships and meaning, enabling business process and secure analytics.
Our HPE SecureData encryption product utilizes HPE FPE and secure stateless tokenization technologies that can be used to created masked data for use by developers in test and development to avoid the need for live data in testing. This powerful platform uses advanced HPE FPE technologies to transform live data into a neutralized, yet useful encrypted form that can still execute applications, and still be used in analytics – without unnecessary encryption which can lead to exposure and risk.
Security and risk management leaders should use data masking to desensitize or protect sensitive data, the market guide advises, and should address the changing threat and compliance landscape. In 2016, data breaches have, once again, demonstrated the growing importance of this technology market.
The Market Guide for Data Masking lists these findings:
- The evolution of threat and compliance environments continues to fuel demand for data masking (DM) solutions. This demand is further sustained by data growth within organizations and the expansion of data analytics use to drive the business.
- Buyers are increasingly concerned with the risk of reidentification of masked data, especially in complex big data environments, and facing regulations such as GDPR, which require an assessment of that risk.
- Data masking is available in an increasingly broad array of deployment options to address new and evolving data management and application architectures.
These are the recommendations from the Market Guide for security and risk management leaders responsible for data security and compliance:
- Mitigate data risk and enable your organization’s digital business transformation by adopting data masking and complementary technologies such as format-preserving encryption and tokenization as a key strategy.
- Achieve an effective and sustainable deidentification of sensitive data by assessing the reidentification risks throughout the life cycle of your data masking implementation, and favor vendors that offer tools and expertise to establish the reidentification risks.
- Mitigate risk in applications where traditional DDM approaches have struggled by taking advantage of innovative DDM solutions at the data virtualization or alternative application tiers.
Use this link to read the full report: Market Guide for Data Masking.