LaunchDarkly announced the private preview of Warehouse Native Experimentation, its Snowflake Native App, to offer Data Warehouse Native Experimentation.
Data Masking as Part of Your GDPR Compliant Security Posture
May 08, 2018
With data breaches consistently being in the news over the last several years, it is no wonder why data privacy has become such a hot topic and why the European Union (EU) has put in place General Data Protection Regulation (GDPR) which will become enforceable on May 25, 2018, which is less than a month away!
GDPR applies to any company that collects or processes the personal data of EU data subjects, which could be EU residents or visitors. It regulates how to protect an individual's Personally Identifiable Information (PII), which includes all data that could potentially be used to identify an individual such as their name or e-mail address. And the fines for non-compliance are severe up to 20 million euros or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.
While authorities will be reliant on customers reporting non-compliance and there will be a bigger focus on more serious violations, it is important to identify areas of risk and to take appropriate action. GDPR stresses that software which handles PII follow principles of data protection by design and by default. An appropriated technical and organizational measure to achieve this is with "pseudonymization."
Pseudonymisation is an overarching term for obfuscation approaches like data masking which intends to secure confidential information that directly or indirectly reveal an individual’s identity.
Data masking is the ability to replace or obfuscate sensitive data with a non-sensitive equivalent. So, for example, rather than using credentials that reflect an individual’s name such as "nturner" using something like "xyz9876". Now this approach only works if in the same application that data masking can't indirectly reveal an individual's identity by associating with a captured IP address or e-mail.
Only data that is truly anonymous is exempted from data protection but data that has the potential to reveal identifies is classified as pseudonymized which is still considered personal data. GDPR does incentivize the use of leveraging pseudonymization as part of your security posture to satisfy the design of data protection. In the case of a data breach, if the data is unintelligible to any person who is not authorized to access it then certain notification requirements are no longer required. Additionally, data access requests and disclosure requirements are relaxed when pseudonymization is leveraged.
So how does all of this pertain to the use of software in your infrastructure or in the cloud? For applications where PII is not required as part of use of the platform, it is recommended to employ data masking for user credentials associated with access to the software; and in scenarios where email addresses are needed, that group distribution lists or associated masked email addresses are leveraged. This is so that in the event of a data breach, there is no direct PII available in that system and the information would be unintelligible as it would require access to additional systems to correlate back to an individual.
Of course, that is easier said than done, but again considering the severity of non-compliance the associated work of limiting exposure by employing data masking is a small price to pay that will benefit your organization in the long run.
Industry News
February 13, 2025
SingleStore announced the launch of SingleStore Flow, a no-code solution designed to greatly simplify data migration and Change Data Capture (CDC).
February 13, 2025
ActiveState launched its Vulnerability Management as a Service (VMaas) offering to help organizations manage open source and accelerate secure software delivery.
February 12, 2025
Genkit for Node.js is now at version 1.0 and ready for production use.
February 12, 2025
JFrog signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS).
February 12, 2025
mabl launched of two new innovations, mabl Tools for Playwright and mabl GenAI Test Creation, expanding testing capabilities beyond the bounds of traditional QA teams.
February 11, 2025
Check Point® Software Technologies Ltd. announced a strategic partnership with leading cloud security provider Wiz to address the growing challenges enterprises face securing hybrid cloud environments.
February 11, 2025
Jitterbit announced its latest AI-infused capabilities within the Harmony platform, advancing AI from low-code development to natural language processing (NLP).
February 11, 2025
Rancher Government Solutions (RGS) and Sequoia Holdings announced a strategic partnership to enhance software supply chain security, classified workload deployments, and Kubernetes management for the Department of Defense (DOD), Intelligence Community (IC), and federal civilian agencies.
February 10, 2025
Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.
February 10, 2025
Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.
February 07, 2025
Are you using OpenTelemetry? Are you planning to use it? Click here to take the OpenTelemetry survey.
February 06, 2025
GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.
February 06, 2025
Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.
February 06, 2025
Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.
