Protected by Design – How Data Virtualization Can Reduce Data Privacy Risk

by Mark Pritchard

Companies face ever increasing regulation to protect and respect the personal information they hold about their customers, prospects, and employees. The introduction of the European Union’s General Data Protection Regulation (GDPR), which will come into effect on May 25, 2018, is one such regulation. The GDPR details how companies must protect personal information, and advises them to begin preparations immediately if they have not already begun to do so since the regulation was first published back in May 2016. Companies that fall out of compliance with the GDPR will not only be required to pay extremely large fines, but may also face lawsuits and additional audits. Should companies suffer a data loss as a result of noncompliance, they will also have to pay the substantial price of rebuilding customer trust, and recovering brand confidence.

Despite their best efforts, many organizations will find it challenging to comply with the GDPR since data is often stored across a wide range of heterogeneous data sources, both on premises and in the cloud. Also, sensitive data is often replicated around the enterprise to support reporting and other applications on a project by project basis.

This poses problems from a security and governance point of view. For example, how do you ensure that appropriate security policies are applied consistently across distributed and replicated data stores, and how do you keep track of where sensitive data resides and who is using it once it has been replicated out of the source systems?

To overcome this challenge, data virtualization is fast emerging as an architectural approach to quickly gain control over sensitive customer information stored across multiple systems. How? By establishing a single, unified logical access layer across on and off-premise systems.

Using this approach, and when data consumers need to access a source, they do so through the data virtualization layer which provides them with a secure, virtual view of the data. This layer also reduces the need to replicate data for reporting purposes, which removes the governance and privacy issues typically associated with having duplicated personal information replicated throughout the enterprise.

How Reducing Replication Leads to Reduced Risk
The core function of data virtualization is to enable distributed data to remain at the source, but expose it through a single logical layer to consumers. This removes the need for continual data replication. Less replication means fewer copies of personal and sensitive data spread around the organization and fewer problems with data security and governance.

Data virtualization also allows consumers to access data in real-time. This ensures they receive the most up to date information which is important for regulatory compliance initiatives such as GDPR that penalize companies for using inaccurate customer data.

However, not all data is located within the enterprise as more and more information is located in the cloud. Data virtualization enables cloud data to be combined and accessed through this same virtual layer, bringing this off-premise data into the central governance framework.

Since users access distributed data through a central point, data virtualization provides a mechanism for the central audit and lineage of sensitive data, so data access can be more easily tracked to the individual consumer. A virtual layer also allows security administrators to control all access to data through a single point. Views are traceable, audited, and information is only delivered to authorized consumers, and can be masked where appropriate.

Lastly, data virtualization provides a consistent security model across all the sources of data, so that data is protected and governed to the same level no matter what the capability of the source system. By using data virtualization, companies can quickly centralize security and governance across their data sources and reduce the risk of a data privacy breach.

Data privacy regulations are forcing organizations to include, and prove, data privacy has been considered at every stage of design and implementation of any new project. A central approach facilitated by data virtualization reduces the cost of complying with the increasing numbers of proactive data privacy regulations and allows data privacy to be included by design. New projects can access data quickly from the virtual layer, rather than having to replicate and consolidate the data locally.

Data virtualization enables companies to quickly and cheaply retro-fit governance over their legacy replicated data sets, which places a virtual layer over the replicated data to automatically bring it under the centralized governance model. By providing a central point of access to data through a virtual layer, organizations can significantly reduce the amount of replication needed, while allowing existing silos of replicated legacy data to be consolidated under the data virtualization layer without affecting consumers. This reduces future risks and financial exposure, in addition to the complexity of integration and associated total costs of ownership.

In today’s competitive climate, companies need help to meet the challenges posed by increased regulation and reduce the risk to their reputation, brand and, more importantly, their customers. Data virtualization quickly imposes consistent privacy and security rules to legacy systems, allowing existing sources of personal information to be brought into compliance. Using data virtualization, companies can protect their data privacy by design in all new systems: which is a key requirement for compliance to GDPR.

Mark Pritchard is the director of sales engineering UK at Denodo.



Leave a Reply

WWPI – Covering the best in IT since 1980