Hybrid IT – the new normal
What Is Hybrid IT?
At its most basic level, hybrid IT is a blend of cloud-based and on-premises IT services.
When applications and data were all maintained on-premises (or in-house), standardization was a best practice and security was much simpler. Now that the business and IT are realising the benefits of cloud services, hybrid IT is the common strategy. The new benefits of agility and flexibility brought by hybrid IT come at a cost… How do we keep these more vulnerable applications and data secure?
Consequently, selecting the right security strategy has become an ‘IT infrastructure must!’
The plea for data-centric security
Every company is ultimately responsible for its data security, even if the data is stored in a cloud service environment. Traditional security approaches depend on perimeter-based intrusion detection, password protection, and other access-based measures. However, the industry has seen time and again that nefarious actors still find a way to steal our most valuable data.
The answer is to focus on data-centric security, which travels with the data even if that data moves outside a protected perimeter. A data-centric security strategy protects the data itself and helps to protect it across IT infrastructure borders.
Given the size of fines and the enormous reputational damage to corporate brands stemming from data breaches and unauthorised access to sensitive data, every business should follow two fundamental principles:
- Protect sensitive data as early as possible in its lifecycle
- De-protect data only when absolutely necessary
Diverse regulatory requirements make data protection an absolute necessity. Patient health data processing regulations including HIPAA in the US, privacy regulations such as the EU’s GDPR and Brazil’s LGPD, and international transactional data regulations like PCI DSS all specify minimum standards of data protection and require compliance from organizations operating within specific domains. No matter what, the sensitive, identifiable data of persons, patients, and customers must be protected.
Implementing data-centric security requires a platform that not only offers protection methods which fit your use cases, but that also integrates easily into your enterprise applications and existing cyber-security infrastructure. Ease of integration very often can be the deciding factor in determining the cost and risk associated with any data protection project.
Organizations need a data protection solution that supports their current and future IT environments, whether those are on-premises, in the cloud, or a hybrid of both.
Essential data protection mechanisms for data-centric security
Protection mechanisms such as tokenization overcome the shortcomings of classic security solutions and are essential components of a data-centric strategy. These data protection mechanisms safeguard sensitive data while preserving its original format and referential integrity, resulting in a dataset that is the same size as the original. The de-sensitised data has the same statistical distribution as the original data, so that all the characteristics and properties of the dataset are preserved.
This eliminates the dilemma of having to choose between security or the usability of data in business processes downstream. Tokenization also preserves the ability to perform analytics and produce reports on the data while it is still protected.
How do the data protection methods work?
|Method|How it works|
|---|---|
|Tokenization|Tokenization replaces the original data with a randomly generated, unique placeholder of the same format. There is no mathematical relationship between the token and the original data, so hackers cannot reverse-engineer it.|
|Format Preserving Encryption (FPE)|Similar to tokenisation and unlike classic encryption, format-preserving encryption (FPE) encrypts the data in such a way that it maintains the same format as the original data.|
|Masking|Data masking anonymises sensitive data by creating a structurally similar but not authentic version of the data. Unlike tokenisation and FPE, masking is permanent; that is, it is impossible to reverse it to obtain the original values.|
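The tokenization and masking descriptions above, as an added example that is not from the original page or from any vendor's product: a vault-based tokenizer that issues random same-format tokens with referential integrity, next to a masking function that stores no mapping and so cannot be reversed. The names `TokenVault`, `random_like` and `mask` and the sample value are assumptions made for illustration; FPE is left out because it needs a keyed cipher.

```python
import secrets
import string


def random_like(value):
    """Random string with the same length, character classes and separators."""
    out = []
    for ch in value:
        if ch in string.digits:
            out.append(secrets.choice(string.digits))
        elif ch in string.ascii_lowercase:
            out.append(secrets.choice(string.ascii_lowercase))
        elif ch in string.ascii_uppercase:
            out.append(secrets.choice(string.ascii_uppercase))
        else:
            out.append(ch)  # keep separators such as "-" or "@"
    return "".join(out)


class TokenVault:
    """Hypothetical in-memory vault; a real one is a hardened, audited store."""

    def __init__(self):
        self._token_for = {}  # original value -> token
        self._value_for = {}  # token -> original value

    def tokenize(self, value):
        if value in self._token_for:  # referential integrity: same input, same token
            return self._token_for[value]
        if not any(ch.isascii() and ch.isalnum() for ch in value):
            raise ValueError("nothing to randomise in this value")
        for _ in range(1000):  # bounded retry in case the token space is nearly full
            token = random_like(value)
            if token != value and token not in self._value_for:
                self._token_for[value] = token
                self._value_for[token] = value
                return token
        raise RuntimeError("token space exhausted for this format")

    def detokenize(self, token):
        # Only a vault lookup recovers the original; unknown tokens raise KeyError.
        return self._value_for[token]


def mask(value):
    """Masking: same generator, but no mapping is stored, so it cannot be reversed."""
    return random_like(value)


if __name__ == "__main__":
    pan = "4111-1111-1111-1111"  # constructed sample value
    vault = TokenVault()
    token = vault.tokenize(pan)
    print(token, vault.detokenize(token) == pan, mask(pan))
```

Because the token is drawn at random, the vault mapping is the only path back to the original, which is why access to `detokenize` is the control that needs the tightest authorization and logging.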
Benefits of a data-centric security strategy
By adopting a data-centric security strategy, enterprises can:
- Protect sensitive information within hybrid IT environments without impacting the ability to use the data in existing applications and systems
- Comply with regulatory mandates without prohibiting or restricting access to particular datasets containing sensitive information
- Prevent costly and reputation-damaging data breaches
For more insights on data-centric protection, please read the ebook ‘Data-centric protection explained’.