On Friday June 10th USA Today’s front page had an article about companies being required to report data breaches entitled: Citigroup latest to report data breach.
This was on the heels of Citigroup’s acknowledgement a day earlier on a major data breach of customer account information that occurred. Thus far in 2011, there have been 251 reported data breaches, which is on track to meet or exceed last year’s total of 597 data breaches. The article went on to reference a recent survey by Symantec and the Ponemon Institute which included 51 data breaches and indicated that each data breach costs an average of $7.2 million, and the costs continue to climb. Remember when we heard laptops were being stolen from corporate offices? Companies have adjusted to that security hole and now hackers have shifted their attention to databases. Industry estimates that databases have become by far the largest percentage of total data breaches. With structured data, the most vulnerable area for data breach is in non-production environments. Production databases are usually fairly secure. However, when testers are given copies of databases to test or develop against, whether using an internal team, or outsourcing to offshore partners, the risk becomes much greater. Data Masking is a way of providing testers with smaller environments that have contextually accurate, desensitized data. As opposed to encryption, Data Masking cannot be reverse engineered. The methods used in Data Masking have become very sophisticated and provide many Data Masking options. This allows Data Masking to meet just about any testing/development requirements.
With $7.2 million in looming costs per data breach, can you really afford not to mask data?