Chief Information Officers (CIOs) have a tough job. Not only do they oversee the IT assembly line to keep the lights on and operate as a factory churning out applications that add business value, but they also are the point person when something goes wrong.
Every day, CIOs must defend their organisations from attacks by sophisticated cyber criminals and protect their reputations from being impacted by employees who inadvertently, or deliberately, breach enterprise IT security measures from the inside. It’s a precarious position because security breaches don’t look good on one’s CV. A bad tech investment is on par with not investing in technology that could have averted a security breach; either one will get the CIO fired.
A matter of ‘when’
Industry trends are not helping CIO job tenures. Findings from a recent survey at Black Hat USA 2015 indicate that 73 per cent of security professionals believe their organisation will likely experience a major data breach in the year ahead. At a time when enterprises’ highest priorities are achieving speed, agility and continuous delivery, this reflects an attitude that it’s not a matter of ‘if’ the organisation will be breached, but ‘when’.
At a time when CIOs are under pressure to drive the development of apps faster, it’s quite common to find sensitive and confidential data in development and test environments. Each app development team needs a clone of the production database to test their apps against. That clone contains sensitive data such as credit card numbers or other personal identity information. If there are multiple app development teams, there are multiple new ways for that sensitive data to be breached.
A huge blind spot is emerging. The stringent security controls and protocols IT relies on to mask sensitive data are not being applied to the non-production databases developers use to create new features or applications. However, the number of global-scale scandals around sensitive data losses reinforces the need for CIOs to architect a new approach that ensures data security is embedded into everyday practices.
A balancing act
Increasingly, CIOs need to find a new way to ensure that even if hackers break in, they won’t be able to obtain sensitive data. One approach is to insert a new layer into IT that automates data masking and makes it part of data delivery to ensure all information is secured before it even reaches developers, QA engineers, analysts or other privileged users.
IT can control the data masking policy and data retention rules, and it can manage who has permission to access the data. More importantly, instead of relying on synthetic data or duplicates of non-masked copies, organisations can readily extend masked data to any application project environment. This approach enables a centralised view of organisations’ data, and it safeguards information for whoever needs it and for whatever project – whether on premises, offshore or in the cloud.
Too often, IT is measured on delivery and not security. However, by advocating a new approach, CIOs can carefully balance the scales, ensuring the IT function adds business value while maintaining secure processes.
By delivering secure data as a service, organisations can dramatically accelerate app development – the software makes one clone of a database, enabling users on each app development team to quickly test against the freshest data as if they were the only ones using it.
By accelerating app development in a secure way, CIOs can protect the entire business from falling behind the competition. That can save a lot of jobs — and not only theirs.