As the founder of Dynamic Data Masking, I have the opportunity to meet many organizations worldwide that are willing to openly discuss their security challenges.
These conversations have led me to foresee the birth of yet another category in the fast-growing application security market – Jurisdiction-based Access Control.
As privacy regulations are getting stricter by the month across states and countries, CISOs are forced to apply various access policies based on the current geography/location of the user.
Business applications, data warehouses and development environments are required to mask, scramble, block or audit access based on user jurisdiction and role (business user, production support, IT, outsourced or offshore).
For example, a very large global bank approached us to apply different access restrictions and dynamically mask client information based on the location of the end-user. When a business user logs in from his mobile device while sitting in his office in Switzerland, different access controls and dynamic masking are required than when he is accessing it from the French, UK or New York office.
This also resonates with yet another quickly growing security challenge, where large outsourcing initiatives and cloud implementations require limiting access to, and dynamically masking, various application modules based on the role and geography of the end-user (for example, an offshore workforce accessing the CRM application of a European and the location of the data).
Another dominant driving force for quick adoption of Jurisdiction-based Access Control is the European Privacy Act, which prohibits users outside the EU from accessing personal information of EU residents, moving all organizations with European operations to implement these technologies by early 2013 as required by law.