Universal security and privacy automation
Protect data and manage risk
Analyze conversational chat data
Reduce the time and cost to comply
Self-service without friction or delay
Align data protection and business use
Tailor access controls and data privacy
Flexible, consistent, scalable
Automate actionable compliance steps
Who we integrate with
Our professional services
Power responsible use
From clinical to commercial
Optimize data tests
Open new revenue streams
Realize the potential of the cloud
Protect data from misuse
Transform your data
Opinion and industry insights
An A to Z of the industry
The podcast for data leaders
The latest compliance news and advice
Press releases, awards, and more
Staying at the cutting edge
The team behind Privitar
A thriving partner ecosystem
Our story, values, and careers
Dedicated customer assistance
Aug 01, 2019
Capital One, the third largest credit card issuer in the US, is the latest high-profile victim of a massive data breach, in which the personal information of more than 100 million customers was compromised.
With details of the breach still emerging, it’s impossible to provide a comprehensive analysis of what happened. Rich Mogull, analyst and CEO at the information security research and advisory firm Securosis, has delivered a thoughtful, responsible look at what we know to date.
He applauds both how quickly Capital One was able to get to the bottom of the hack and their rapid response to law enforcement and the public.
Yes, Capital One did all of the right things after the breach and Mogull closes his blog post with a sobering and accurate depiction of the state of data security. “No matter how good you are, mistakes happen. The hardest problem in security is solving simple problems at scale. Because simple doesn’t scale, and what we do is damn hard to get right every single time.’
I couldn’t agree more. In fact, this is truer now more than ever. Security is damned hard to get right every single time. Data assets are very valuable and increasingly more parts of every organization access to that data to extract maximum value from it. This makes the job of solving simple problems at scale exponentially more difficult.
Although security is important, the real solution cannot be more of the same. Capital One spends a significant amount of money on cyber security. They also apparently have taken steps to reduce privacy risk. For example, they smartly tokenized some of their identifiers such as account number and social security number. However, they were not completely successful as some of that data was found to be available as were other identifying fields. Perhaps they assumed encryption would prevent access, but apparently the hacker was able to decrypt the data.
I recently transitioned from the cybersecurity space to data privacy. One of the drivers for doing so is that as an industry we have been managing data in much the same way for the last four decades. As is the case with Capital One we’ve tried to add controls around access and we encrypt data when we can (or when it’s feasible), but today, more than ever before, companies not only want to protect sensitive personal data, but also derive value from their data. That requires making it more accessible employees who can act on it.
We need to rethink our approaches. Context is the name of the next game.
A hard look at the bigger picture is required. What valuable information is housed in the data? Where and how does that data need to be used in the business? What is the lifecycle of that data? Answers to those questions and more is the next required step to deliver state-of-the-art in data privacy and protection.
From there we can apply advanced data privacy techniques on the data as applicable while governing the data as it’s being utilized. If we can do all of this at scale with automation, it will protect sensitive personal data and meet the real-time needs of the data consumers within organizations.
Simply put, organizations want to make their data safe and usable without compromising privacy. No small task.
Bob Canaway is Privitar’s Chief Marketing Officer
Sorry, no posts matched your criteria.
Our experts are ready to answer your questions and discuss how Privitar’s security and privacy solutions can fuel your efficiency, innovation, and business growth.