The democratisation of technology and the introduction of the GPDR have combined to make the masking or pseudonymisation of data an important topic for all organisations – not just big business.
In this blog, Northdoor explains why SMEs need to consider their data masking strategy, and how new tools can help ease the strain.
Masking data – that is, removing identifying characteristics like real names while leaving the structure and format the same – was once something that only large organisations did to any great extent. But with the digital age encouraging and enabling even very small businesses to maintain multiple web and mobile channels, what were once big-company challenges are now shared by all.
One of the key factors driving the growth of data masking among small and mid-sized enterprises (SMEs) is the need to support agile software development methods. It is, of course, vitally important to ensure that new web and mobile apps work as expected, and that means thorough testing using data that is as close as possible to the real thing. (Using real data in test scenarios is a no-no, because of the risk of accidentally leaking sensitive information, and the potential for heavy fines under the GDPR).
Modern agile software development is characterised by multiple, frequent updates to code, each of which require full testing. If developers – whether internal or external – need to spend time preparing masked data for each test cycle, delays and costs will rise very rapidly, and the evolution of apps will grind to a halt. Simple solutions like using random data generators will tend to fail because randomly generated data will miss crucial exceptions and fail to represent the real world.
For large enterprises, there are sophisticated software solutions for creating and managing policies and procedures around the masking of data. In exchange for a large monthly fee, companies can give their developers and other staff access to intuitive tools for cooking up new sets of masked data for each new requirement. The time and effort saved across large numbers of people will more than justify the cost of the data masking solutions – and the large companies also get the benefit of shorter time-to-market.
For SMEs, using a traditional data masking solution could well be a case of sledgehammers for nuts. Happily, a new generation of more cost-effective solutions is now available. Armed with the latest technology, SMEs can create solutions that are sized and priced for their needs. Just like their big siblings, these solutions enable the creation and management of data masking policies, the automated discovery and classification of sensitive data and metadata, the automated delivery of correctly masked data on demand, and the ongoing monitoring and auditing of practices for compliance. The inclusion of pre-built metadata for packaged applications enables almost plug-and-play deployment with existing technology, cutting costs and diminishing the amount of internal expertise required.
Particularly for small organisations with large volumes of sensitive data (for example, GP surgeries), the lack of a formal IT department would previously have made data masking almost impossible. With the latest right-sized solutions, business users can manage data masking for themselves. Whether they are providing test data or using masked data for internal purposes, these users can work flexibly, efficiently and within full compliance.
To find out how Northdoor can help you deploy and manage a cost-effective data masking solution, contact us today.