Application Data Privacy is Evolving — Are You Evolving With It?
Skyflow recently partnered with DarkReading Research to learn how developers view and interact with current data security challenges.
What we found in this survey was very revealing — while a majority of developers report spending a quarter of their time or more meeting security requirements, 82% of developers report struggling to fully embrace security-friendly architectures. And, while security and privacy are becoming a more important part of a developer’s workflow and skillset, but this has not necessarily translated into better security outcomes.
This study shows that the growing number of security and compliance laws and regulations have translated into more work for companies and developers, but this work does not always make data more secure. Instead, companies are forced to search for creative ways to satisfy these requirements, creating a new demand for out-of-the-box compliance and security products. This trend is likely to continue as more jurisdictions pass complex data privacy laws in the future.
Where is Your Sensitive Data?
A persistent problem with data security is keeping track of where sensitive data resides. A customer who provides their name, an email address, and a physical address to a company might have different parts of that dataset replicated across various internal systems. The customer support team will use some elements to assist the customer, while the operations team uses these data points to create a customer profile and provide the services they are paying for. This “data sprawl” only increases when companies use third-party vendors and services.
Our survey found that while most respondents claimed to have a decent understanding of where sensitive data resides, very few (18%) claim to have a “perfect” understanding. This is the inevitable result of companies struggling to find a balance between security and usability — locking down data means providing minimal to no value to customers, but a lack of security architecture can put their data at risk.
How Well do You Know Your Team?
One of the more alarming insights this study revealed is the gap between what developers know about security and sensitive data and what their managers assume they know. 42% of supervisors surveyed believed that their teams are “very knowledgeable” about data security, but only 23% of developers expressed the same level of confidence.
This reveals a lack of communication with potentially disastrous outcomes. If decision makers are unaware of the state of data security at their company, they could potentially become over-ambitious about what kind of products and services they can safely offer. It could also speak to one of the central issues of data security: the balance between data security and usability. Developers might be hesitant to speak candidly about security issues for fear of pushing out deadlines and slowing down product development.
Privacy and Security: Shifting Left
Despite these communication issues, the survey revealed that there is a shift in the way development teams plan out and execute on projects, with 83% of respondents reporting that early planning and product design stages include security and compliance considerations. This represents a broader awareness of the need to “shift left”, putting privacy and security as early as possible in the software development lifecycle and giving developers the time to consider architectural solutions to compliance and security problems.
Why Build When You Can Buy?
The survey revealed a much greater preference for implementing third-party security products and tools than creating them in-house. Only 22% of respondents said they built their own encryption tools, while 23% built their own tokenization. Other security services (access control, data security, and data residency) were more likely to be built in-house.
The willingness of developers to adopt or buy security solutions is a positive step, but this survey also shows that many developers lack confidence in third-party access control, data security, and data residency tools.
At Skyflow, we believe the best solution to meet security and compliance requirements is to use Skyflow’s Data Privacy Vault. Far from an a la carte tokenization or encryption tool, Skyflow’s Vault provides encryption, tokenization, access control, security, and data residency – all while giving you control of your data.
Learn What Your Developers Need
Are you interested in finding out which tools and services your developers are most interested in? Check out the full survey.
To learn more about Skyflow’s unique approach to data security and compliance, get in touch with us.