April 12, 2022
The State of Data Privacy: My Interview with ISMG
Data privacy, security, and compliance are no longer only the concern of the security team. Because every person at your company interacts with sensitive data, security has become an “everyone problem”. I recently spoke with Tom Field of ISMG about this shift in priorities.
With so much sensitive data floating around in systems, companies can no longer afford to “move fast and break things”. You have to strike the right balance between protecting yourself with an all-out security approach and preserving data usability. In my interview with ISMG, I go into detail about the nature of this problem and the importance of making security a focus from the beginning of a project to its completion.
Who Cares about Security?
Security is everyone’s concern — sensitive data has become an essential part of how companies provide value, and everyone from the security team to customer support agents need to have access to it.
In any company, everyone needs to take pride in the quality of the product. Even if there is a dedicated team responsible for quality assurance, QA is everyone’s problem. Similarly, even if you have a CISO who is ultimately responsible for security, security is everyone’s problem.
If you’re designing or developing a UI or a data platform, you need to think about the security of the system and data.
When Do You Start Worrying about Sensitive Data?
Thinking about data privacy and security has to start at the beginning of any project. If you try to kick that can down the road, you are setting yourself up to fail. Imposing security constraints later on an insecure architecture or system is bound to lead to more problems.
There’s another way that your thinking about security needs to evolve — if you begin a new project or start to develop a product, the temptation is to ignore security because you are afraid it might compromise the usability of data. However, this issue needs to be at the center of your planning because limitations to usability will never stop being an issue. Therefore the question is, do you want to address security before you are inundated with sensitive data, or after?
Why a Data Vault?
We believe a data privacy vault is the right approach for securing data in a manner that retains flexibility and usability. Phone numbers, SSNs, addresses, and so on are all unique data structures that can be secured in different ways. Skyflow Data Privacy Vault has out-of-the-box encryption and tokenization solutions that let you provide exactly the sensitive data that a team member or application needs without putting PII at risk.
Because you will likely want to channel encrypted data to different vendors and services, having a central store of data is a great way to remain vendor-agnostic and avoid getting “locked in” to a single service provider for workflows like payments.
Read the Full Interview
If you’d like to learn more about how data security and privacy are changing, you can read the full interview here.