If you thought data masking was just for credit card numbers, think again. Across all industries, there are many areas in which data masking can help organisations to work faster, more efficiently and more creatively – all while respecting regulations around data security and privacy. This Northdoor blog explains how data masking requirements are changing.
The introduction of the GDPR has refocused attention on data masking. The masking or pseudonymisation of data is no longer confined to specialised use-cases like financial data, not least because the GDPR has transformed practically every piece of information about EU citizens into potentially sensitive data.
In a world where many organisations reach out to customers and partners across multiple digital channels, the need for rapid, low-cost development of web and mobile apps is also driving the growing importance of data masking. Put simply, applications need to be thoroughly tested using data that mirrors the final production environment as closely as possible. Given the restrictions imposed by the GDPR, this means that organisations need constant access to high-quality dummy data representing customers, accounts, addresses, phone numbers and so on. The obvious way to achieve this is to obfuscate real sources of data – and this is often a major (and time-consuming) challenge for development teams.
It’s important to consider enterprise-wide approaches to data masking, and not just to take the strain off software developers. For one thing, with Gartner research suggesting that developers spend up to 30% of their time managing data masking, creating an automated approach could dramatically reduce time-to-market for new applications. Equally, the restrictions imposed by the GDPR mean that there are broader requirements for data masking beyond software development and testing.
In the retail industry, where employee attrition rates are relatively high, human resources staff spend a lot of time exchanging data with HMRC, pension trustees, banks and so on. When preparing data for statistical analysis or for automated exchange, it may not be appropriate for HR staff to view the full details, and an automated way to mask sensitive fields such as salary would be advantageous here. On the business side, information on third-party suppliers may need to be selectively masked depending on who is viewing that information, and for what purpose.
In manufacturing, many of the same points apply, and there may also be a requirement to protect sensitive information around patented designs and techniques. Financial data on customers will need to be masked and managed differently depending on whether it’s held in production or test environments. This will also apply in the logistics industry, where protected information in the form of customer addresses is routinely stored and shared with external partners. Unsurprisingly, data masking use-cases are even more prevalent in the medical and healthcare industries, where some of the most sensitive personal data is found. As this industry seeks to move into connected devices and patient-led care via smartphones, working with external software developers means ever greater requirements for data masking.
Whatever industry you work in, the combined impact of the digital age and the GDPR means that you will increasingly need the ability to mask data rapidly, reliably and cost-effectively. The key is to set up a consistent, repeatable approach that opens up opportunities to do new things with data while remaining compliant. This is not only a technical challenge, but also an organisational one.
If you’d like to understand more about the challenges and opportunities around automated data masking, speak to Northdoor today.