“Enterprises should implement unified and cohesive data protection policies across their various environments—whether in the cloud or on-premises—that can follow the data regardless of where it resides or how it is being used,” says Rick Farnell, CEO, Protegrity in an exclusive interview with ITSecurityWire.
ET Bureau: What are the challenges that enterprises face while implementing measures to secure their data?
Rick Farnell: The challenges are two-fold. First, too often, enterprises take an outside-in approach to data protection and spend most of their efforts on perimeter security, such as network, application, and endpoint defenses. However, with advancements in cloud computing, SaaS, our mobile economy, and a distributed workforce, data today has no boundaries. It streams across companies, multiple geographic locations, offices, and business groups and spans various networks, systems, and applications.
This omnipresence of data makes it possible for companies to operate and innovate in ways that would have been unimaginable in the past. But, protecting this data at the same time ensuring customer privacy is incredibly difficult. Traditional approaches to data security and legacy security tools are no longer enough to cover an enterprise against data loss, theft, and abuse.
It’s difficult for many businesses to move beyond this decades-long approach of focusing security primarily on perimeter, network and application defenses. This strategy is still necessary, but it’s only partially effective. The different ways in which organizations create products and offer services and in which customers and employees create and analyze data, require a different approach.
Enterprises need to look at the entire picture of their digital infrastructure and services when protecting their data. Effective data security requires end-to-end protection to not only safeguard data, but to honor privacy expectations of customers while still providing unique personalized solutions and services bespoke for each and every customer.
Second, there is a myriad of data protection privacy laws and new AI requirements that enterprises must navigate today. These regulations can be far-reaching, spanning industries (such as HIPAA for healthcare information), U.S. states (such as CCPA for California), and even entire continents (such as GDPR for the EU).
The multitude of regulations already enacted, compounded by the many others that are newly forming specifically around machine learning, algorithmic trust, and AI, only stress the need for businesses to protect the privacy of anyone whose sensitive, personal data resides within their corporate data.
To achieve compliance with these regulations, enterprises need to apply for fine-grained data protection in ways that align with requirements set out by privacy laws and internal corporate policies while still allowing for their business to innovate with the use of analytics and AI.
ET Bureau: How can enterprises unlock the value of sensitive data for AI initiatives while keeping up with evolving data privacy regulations?
Rick Farnell: Oftentimes, the security and privacy needs of a business can become a barrier to innovation, preventing data and analytics professionals from unlocking the full value of their AI and machine learning initiatives.
Furthermore, legacy data security methods can have significant performance impacts on queries, which slows down high-priority analytics projects. Additionally, some data protection techniques—such as encryption—provide a great level of security and privacy but render the data useless for future analysis and use if it does not preserve the data for business use.
There are emerging data protection technologies like tokenization and pseudonymization that are considered “format-preserving” data security techniques. These methods protect the wide breadth of data types—such as dates, numbers, and unstructured text—that are used in analytics while still preserving its format and length, making the data easier to process and analyze in its protected state. These newer data protection methods allow enterprises to meet internal and global privacy regulations, and still use the data securely within their organizations.
With format-preserving data protection, data and analytics professionals can perform analytics directly on de-identified data without needing to unprotect or “re-identify” the data. These fine-grained data-security patterns provide enterprises the control they need to protect data no matter where it resides, without slowing AI innovation.
ET Bureau: How can enterprises accelerate their digital transformation journeys without compromising cybersecurity?
Rick Farnell: The COVID-19 pandemic accelerated digital transformation timelines for many businesses—far beyond the levels of innovation that might have taken place under normal circumstances. Because of this, many companies have begun to struggle with the balance between innovation and the control required by compliance and information security organizations.
Far too often, traditional data security tools can create significant barriers that diminish the customer experience and the ability of businesses to pivot quickly. Enterprises that try to run their data protection through disparate systems have security gaps, require more resources to manage these systems and extensive internal data governance policies that restrict the flow and use of data. As a result, enterprises are often stymied by their governance teams that won’t let sensitive data out of their vault and restrict it from being used for digital transformation initiatives.
To overcome this impediment, enterprises should implement unified and cohesive data protection policies across their various environments—whether in the cloud or on-premises—that can follow the data regardless of where it resides or how it is being used.
ET Bureau: How will AI and other emerging technologies enable enterprises to develop innovative solutions while securing their data in the coming years?
Rick Farnell: Without a doubt, artificial intelligence will be the next frontier of innovation. However, for businesses to finally unleash the potential of AI, they must first ensure that the data behind these systems is adequately protected and adheres to global privacy laws. By doing so, they will be able to tap into the power of a new era of “secure AI,” allowing them to harness the nearly limitless potential of these innovative technologies while preserving privacy.
Data-centric protection is fundamental to delivering on the promise of privacy preservation. Using fine-grained data-security patterns, businesses can maintain data usability in AI and data science – especially for known data or sensitive data – allowing data professionals to deliver innovative new solutions, recommendations, services, and products to customers without ever exposing sensitive data.
When analyzed effectively and responsibly, secure data can help companies expand into new revenue channels, improve business outcomes, anticipate market and industry trends, refine the customer experience, and create internal efficiencies. The key to achieving these outcomes is fine-grained data security, enabling enterprises to confidently pursue secure AI initiatives while guaranteeing the privacy of individuals’ data.
Rick Farnell is the President and CEO of Protegrity, bringing a successful track record as an entrepreneur, executive, and operator of multiple global technology companies. At the helm of Protegrity, Rick spearheads the company’s efforts to scale its industry-leading data-security solutions into the future as companies rapidly invest in data innovation. Before joining Protegrity, Rick founded Rapid Formation, which helps incubate, fund, and scale startups in the AI market. Rick was also the co-founder and president of Think Big Analytics, a big data analytics pioneer, which Teradata Corporation acquired. Prior to co-founding Think Big Analytics, Rick spent over 20 years in a variety of executive management positions in sales, business development, alliances, and consulting for companies such as C-Bridge Internet Solutions and Sun Microsystems.