Who is Accountable for a Breach to Your Data Integration Environment?
Enterprise data usage has never been higher than it is today, and it continues to grow as data-fueled applications are the norm. The variety of sources, the volume, the transformations and the prolific use of data make data integration a critical ‘hub’ of enterprise data that enables critical business processes. In this Golden Age of Data, data breaches are on the rise as well. Breaches are costly: lost business, liability and a reputation to be repaired, to name a few. The truth is, while data volume and usage are trending up, business needs not only ‘data’ but also ‘compliance’ in order to thrive.
Consider the following questions for a Data Integration (DI) practice owner, assuming sensitive data flows through their DI systems:
- Would your DI practice pass an audit for Risk and Compliance?
- If there was a breach to your DI systems, what would be the cost of the breach to the company?
- Who would be held accountable?
It is not surprising that an overwhelming number of responses to these questions would be underwhelming with respect to awareness and readiness. With privacy legislation trending up (GDPR, for instance), data owners are becoming aware that they are accountable for their data compliance and the maturity of their data integration practices.
The challenge in front of the Data Integration practice owner is to support necessary data usage while meeting compliance requirements (like HIPAA and GDPR) and keeping risks under control.
Traditional perimeter-based security controls know little about data entities, and they do not take ‘data access & usage’ behavior into account. While some organizations have clear ‘Sensitive Data’ compliance policies defined, their ability to monitor and evaluate compliance in their Data Integration environment is not automated, and is therefore inefficient, likely inaccurate and prohibitively costly. A data-centric approach to ‘detect, protect and monitor’ requires intelligence about data entities in order to implement access control policies based on ‘least privilege’ and ‘need to know’. Given that DI environments are ever changing, periodic assessments and automated internal audits are a must to stay compliant and to detect non-compliance within critical time windows, keeping the risks under control. Understanding the state and flows of sensitive information is critical.
Pioneering data security intelligence, Informatica’s secure@Source helps your organization accomplish the following:
- Discover sensitive data with executive and practitioner dashboard views of where your sensitive data assets are and how they proliferate.
- Assess the Risk and Cost of breach to systems in your DI environment.
- Set up custom policies – ‘Data Residency’, cross-group proliferation
- Group systems connected to the DI environment – production, non-production – and apply compliance policies for each group
- Audit for policy compliance and correct policy violations – Data masking option based controls, alerts on unexpected proliferation