August 5, 2021
Why You Need a Data Vault and How to Get There
If you've got data, you've got problems.
Customer data represents both major opportunity and major responsibility. If you collect and store customer data, you have a number of challenges to consider:
- Compliance: failing a compliance requirement can cost you business, incur fines, and bring bad press.
- Data Security: storing valuable customer data makes you a target for attackers.
- Data Residency: many governments have restrictions on where PII can reside.
- Data Governance: you need to make sure your data is only managed and used in the ways your business needs and regulations dictate and that you have auditable proof of that happening correctly.
- Secure Analytics: your business needs to continue to mine the data--you want to control the process without putting the kibosh on analytics.
- Secure Data Sharing: you want to make sure that data is usable across organizational silos (and often even outside of your company) in ways that respect confidentiality constraints.
- Encryption / Tokenization / De-identification: you need to securely (and sometimes non-reversibly) tokenize parts of your data.
Some of these objectives require more control and protections, while others call for more flexibility and openness. With the right approach, you won’t have to choose which of these objectives you will meet. You can, with all due respect to Misters Jagger and Richards, get what you want.
Not all data poses equal risk to your compliance posture, and most users of your data do not need all the data elements in order to do their job. This simple observation leads to a strategy:
- Identify: Establish which data elements are the ones with the security, privacy, and compliance risk--these are the sensitive elements.
- Isolate: Remove the sensitive elements, store them ‘elsewhere’, and replace them with tokens--placeholders that are meaningless on their own but can be redeemed by an authorized entity to get the real value. If needed, the tokens can be of the same format as the sensitive value (e.g. look like a credit card number, or an SSN, etc.) which means that your systems will not ‘choke’ on the tokens.
- Protect: Store the sensitive values in a vault that respects data residency requirements. A proper data privacy vault will both protect the sensitive data and allow you to enable carefully governed access to the data.
- Harness: A good vault will not lock up your data, but will allow authorized systems and processes to continue to work with the data to the extent needed to meet the business use case. It will allow you to easily define the permitted uses and provide audit logs to prove the correct functioning of the whole system.
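The four steps above, sketched as an added example (this is not Skyflow's code or API): sensitive fields are swapped for same-format tokens, real values live only in the vault, and every redemption attempt is checked against a role and logged. The names `Vault`, `isolate`, the role strings and the sample record are hypothetical, and the tokens are random substitutes looked up in the vault, not format-preserving encryption.

```python
import secrets
import string

class Vault:
    """In-memory stand-in for a data privacy vault (hypothetical, for illustration)."""

    def __init__(self, redeem_roles):
        self._by_token = {}   # token -> real value; the only place real values live
        self._by_value = {}   # real value -> token, so a repeated value reuses its token
        self._redeem_roles = set(redeem_roles)
        self.audit_log = []   # (caller, action, token, allowed)

    @staticmethod
    def _random_like(value):
        # Same shape as the input: digits stay digits, letters stay letters, separators are copied.
        return "".join(
            secrets.choice(string.digits) if ch.isdigit()
            else secrets.choice(string.ascii_uppercase) if ch.isalpha()
            else ch
            for ch in value)

    def tokenize(self, caller, value):
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("nothing to tokenize")
        token = self._by_value.get(value)
        while token is None:
            candidate = self._random_like(value)
            # Retry on a collision with an issued token or with the value itself.
            if candidate != value and candidate not in self._by_token:
                token = candidate
                self._by_token[token] = value
                self._by_value[value] = token
        self.audit_log.append((caller, "tokenize", token, True))
        return token

    def detokenize(self, caller, role, token):
        allowed = role in self._redeem_roles and token in self._by_token
        self.audit_log.append((caller, "detokenize", token, allowed))  # log denials too
        if not allowed:
            raise PermissionError(f"{caller} ({role}) may not redeem this token")
        return self._by_token[token]

def isolate(record, sensitive_fields, vault, caller="ingest"):
    """Return a copy of record with the sensitive fields replaced by tokens."""
    return {key: vault.tokenize(caller, val) if key in sensitive_fields else val
            for key, val in record.items()}

# Constructed sample record; the SSN and card number are made-up test values.
SAMPLE = {"name": "Pat Example", "plan": "pro",
          "ssn": "123-45-6789", "card": "4000 0000 0000 0002"}
```

Because a repeated value maps to the same token, tokenized records can still be joined and counted without redeeming anything; the trade-off is that equal tokens reveal equal underlying values.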
Skyflow understands that using a data vault for your sensitive data is a big decision. We are therefore releasing a white paper that walks you through a consideration of alternative approaches to your data protection problems. This will hopefully convince you that a data vault is the right approach, and will also give you a list of functional requirements a good data vault will have, whether you choose to buy one or build your own.
The above strategy, with the right data vault solution, will enable you to continue to execute on your business use cases without the risk of breaches or data siloing.
Get your copy of our white paper here.