Why DevOps Should Be Your Privacy Champions
12/4/2020
Anyone familiar with data privacy legislation will know that the General Data Protection Regulation (GDPR), Europe’s main data privacy law, is considered the benchmark that other regulations follow. It was the foundation on which the California Consumer Privacy Act (CCPA) was built, and will no doubt be the model for others.
One of the main provisions of the GDPR is for businesses to adopt the principle of Privacy by Design, which calls for data privacy to be taken into account during the entire engineering and development process.
For many businesses, sound data privacy practices and compliance measures are adopted once business operations are already well-established. Switching to a Privacy by Design mindset would require a major shift in processes and a change in who is ultimately responsible for data privacy. But for any modern business that handles large quantities of data, this is a necessary change.
Data Protection as Part of the Development Lifecycle
“It’s crucial for data to be secured before it travels from the business into unprotected waters,” Hush-Hush CEO Virginia Mushkatblat recently told CPO Magazine. “And that’s why the responsibility of protecting data now lies with Developers and DevOps teams.”
Privacy by Design necessitates the implementation of data protection processes from the moment a unit of data enters the development lifecycle. This extends protection across your databases and beyond by ensuring sensitive data has been sanitized before it leaves production. Your DevOps team, who are responsible for standardizing, automating, and monitoring the development process, are ideally placed to take on this role.
Automating a data protection solution such as data masking during each cycle of development reduces the risk of data loss, theft, and data breaches without disrupting your development activities or your Agile processes. In essence, the data masking process would form an integrated and essential part of development.
Data masking works by searching your production environment for sensitive elements, then securing them by substituting identifiable values with similar ones that don't affect the data's referential integrity.
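The substitution step described above, sketched as an added example (not Hush-Hush's product code): a keyed, deterministic mask gives the same replacement for the same input, so a join between two masked tables still resolves the way it did in production. The table layout, column names, key and helper names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: the key is kept outside the masked copy (for example in a secrets manager).
MASKING_KEY = b"constructed-demo-key-not-for-real-use"

def _digest(field: str, value: str) -> bytes:
    # Keyed and scoped per field type: the same input always yields the same
    # token, but tokens cannot be recomputed or linked without the key.
    return hmac.new(MASKING_KEY, field.encode() + b"\x00" + value.encode(),
                    hashlib.sha256).digest()

def mask_email(value: str) -> str:
    return "user_" + _digest("email", value).hex()[:12] + "@example.com"

def mask_ssn(value: str) -> str:
    # Keep the NNN-NN-NNNN layout so format checks in test environments still pass.
    number = int.from_bytes(_digest("ssn", value)[:8], "big") % 10**9
    digits = iter(f"{number:09d}")
    return "".join(next(digits, "0") if ch.isdigit() else ch for ch in value)

# Columns treated as sensitive (hypothetical schema); everything else passes through.
MASKERS = {"email": mask_email, "customer_email": mask_email, "ssn": mask_ssn}

def mask_rows(rows):
    return [{k: MASKERS[k](v) if k in MASKERS else v for k, v in row.items()}
            for row in rows]

def join_orders(customers, orders):
    # Stand-in for a SQL join on email; unmatched orders map to None.
    by_email = {c["email"]: c["id"] for c in customers}
    return sorted((o["order_id"], by_email.get(o["customer_email"])) for o in orders)

# Constructed sample data, not taken from any real system.
CUSTOMERS = [
    {"id": 1, "email": "ana@corp.test", "ssn": "123-45-6789"},
    {"id": 2, "email": "raj@corp.test", "ssn": "987-65-4321"},
]
ORDERS = [
    {"order_id": 10, "customer_email": "ana@corp.test"},
    {"order_id": 11, "customer_email": "raj@corp.test"},
    {"order_id": 12, "customer_email": "ana@corp.test"},
    {"order_id": 13, "customer_email": "gone@corp.test"},  # orphan stays an orphan
]

if __name__ == "__main__":
    print(join_orders(mask_rows(CUSTOMERS), mask_rows(ORDERS)))
```

Because the mask is keyed, anyone holding only the masked copy cannot rebuild the mapping by hashing guessed emails; rotating the key between refreshes also breaks linkage across copies.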
Implementing security practices earlier in development gives you better control of data in your business and ensures everyone is accountable for your customers’ sensitive data.
“A typical enterprise has huge volumes of personally identifiable information (PII) and sensitive data sitting in non-production environments, which are used for analytics, testing, and QA. In many instances, this information is shared with third parties, emailed to colleagues and even saved to desktops where protective measures cannot reach,” Virginia told CPO Magazine. “Masking early mitigates this risk.”
With Hush-Hush Data Masking components, which form an essential part of the development toolkit, it’s easy to automate the data protection cycle, even with large databases.