Warren Poschman l Mar 14, 2018 l Tokenization, GDPR, PCI, Data Security, Data Protection, Pseudonymisation

The 4 things to consider for achieving true Data Security

Do you know how sometimes you can almost predict what question someone will ask you? You know, sort of like in Boston when mid-March rolls around and the topic shifts to sports, you just know the guy from out of town is going to ask you, “so, how are the Sox looking this year?” as if every guy from Boston is a baseball expert just because he’s from Boston.  Though maybe this year, you might also get asked “get any water in your basement?” as March really rolls in like a lion in 2018!

But seriously, as we dream of warmer weather, the smell of fresh cut grass, and the distinct pop of a long fly ball – when you’re the expert, you know what’s on people’s minds and you know why it’s on their minds.

When it comes to IT Security, data security is that topic – after all, data really is the crown jewel of most organizations and attackers know it.

Since we’re data security type guys and are sadly not gifted with wicked good baseball skills like Red Sox 2B Dustin Pedroia, we get asked about what we do know: how to protect data.  While consulting with our clients on data protection initiatives, no matter the business vertical, it seems that one question that we’re always asked is “what should be really important when selecting a data protection strategy?” And, if you have a similar question, you’re likely wondering about the answer. From our experience, it comes down to four areas: Security, Scalability, Integrations, and Cost.

Security is and rightfully should be the most important part of the solution. When it comes to data protection, that means being able to provide iron-clad protection without taking short-cuts, or as we call it “checkbox” security. A good example of that might be any one of the Data at Rest solutions that encrypt data on disk or in a database. Is the data encrypted? Yes.  But is it really protected? No, not if you want to use that data. In reality, you need a solution that gives you security as you use your data, whether it is at rest, in use, or in motion. comforte’s SecurDPS solution allows you to do just that by tokenizing individual elements that you deem sensitive. Instead of checkbox security, you end up with a protected dataset that can be used throughout your organization, giving you the flexibility to decide when and where the actual values are necessary, which means that your data is protected throughout its lifecycle.

Scalability is always important and your solution has to be able to natively scale at performance. That means it has to be able to allow you to protect your data within your SLAs without putting undue burden on your infrastructure (of course, without sacrificing point #1, Security!). We’ve had so many CISOs tell us about how some solution looked great, passed their PoC evaluation criteria, but then in production simply couldn’t scale to meet new demands. That means having a bit of healthy skepticism towards solutions that can’t easily be customized or adapted, but it also means finding a solution that scales the way your infrastructure does. For instance, if it’s a database application, can it handle all the requests from multiple user sessions but without consuming database resources? On-node encryption might be able to handle lots of requests, but all those FPE crypto operations consume database resources that you can’t neglect, especially if it is a tuned converged database system. However, comforte SecurDPS allows you to meet those user and application demands while naturally offloading all the compute onto our Protection Nodes, allowing you to maintain your SLAs and use your infrastructure appropriately.

Integrations are something that often are neglected but shouldn’t be. It’s all about how you use the product (or is it how the product lets you use it?). Some data protection solutions might take a standards approach and not sacrifice security, but they are simply too hard to use or you find that you have to make a lot of changes that you didn’t expect. One client memorably lamented, “I thought the $1M investment would give me what I needed – but when I moved to implementation, I realized that it was going to cost me an additional $1-2M in development and resources to implement the product as advertised.” What’s important is to find a product that gives you lots of options, but options that are well thought out from an ease of use perspective, not just “here’s an API, the possibilities are unlimited!” At comforte, we have this as a core philosophy and it is how our products are implemented. Sure, we give you access to our API, but we also give you solutions to securely protect data without having to rip apart your applications or infrastructure – and it’s built right into SecurDPS so there isn’t a third-party product to install.

Cost is always a factor in any decision and it’s often related to Scalability and those critical Integrations. But, it’s more than that. It’s how the product is licensed and how you can consume it to maximize the benefit to your organization. Just when you have found the perfect product, you all too often realize that it is just cost prohibitive. Take for instance Hadoop. Protecting sensitive data as it flows and is used in Hadoop is critical today as Big Data projects come online. In fact, finding unprotected data often stops those projects, and data security projects often act as an enabler to those Big Data initiatives.  Since they seem to go hand-in-hand, the solution should be offered to you in a Hadoop-friendly manner. Some solutions require you to pay a license fee on a per-node basis, whether the node contains sensitive data or not. Additionally, after you’ve licensed all those nodes, you then realize you need to buy additional licenses to manage all the requests from all those Hadoop jobs. Not to mention, you have to modify all your jobs to add API calls that in turn consume node resources forcing you to add more Hadoop nodes to manage the workload. We at comforte think it should be different – we believe it should be an organic Hadoop solution through and through.  That means you can grow your commodity hardware-based cluster as large as necessary and you shouldn’t have burdensome infrastructure licensing. SecurDPS gives you that, and of course with the Protect Node architecture, you can freely scale to meet your Hadoop workloads, no matter how large or small.

These concerns of course aren’t the only questions that we get asked.  Let us know what’s on your mind. In future posts we can explore these key areas in greater depth. In the meantime, we’ll be off working on comforte SecurDPS – making it even better so you can protect what matters most. Check out our webside for more information about SecurDPS – www.comforte.com/dataprotection.  Now that that’s been cleared up, let me answer your other question: the Sox are looking sharp this year!

Want to learn more?

For a real-world example of how comforte can help companies bolster their data security, check out our recent success story below:

Download Success Story

Related posts