When building a data privacy program, many companies struggle to show value to the business and thus see it only as cost, and thus a burden. This represents failure to understand the real value that a proper program can bring.
A recent Cisco Data Privacy Benchmark Study from 2020 showed that enterprises implementing proper privacy realize an average 2.7x return on their investment. So how can a company make the leap forward and get everyone on board to accelerate data privacy?
For starters, the company needs somebody in charge of data privacy with the power to move the project forward. GDPR defines a Data Privacy Officer. But this is a public-facing position, and often cannot convince internal stakeholders to invest in the project. Another, internal role is needed: the Data Privacy Driver (DPD).
The DPD’s job starts with analyzing internal data topology: what data is stored, where it lives, where it moves—both unstructured data (files) and structured (databases). This can sound daunting, but Micro Focus tools like File Analysis Suite (FAS), Control Point (CP), and Enterprise Analyzer (EA) can automate the tedious parts, allowing the DPD to focus on identifying critical data and determining appropriate protection methods.
Once the data environment is understood, the DPD can use third-party data, such as the Ponemon Institute’s research on cost of data breach, to calculate company exposure if the data leaks. This allows shifting conversations about data privacy from the methodology towards the business discussion about financial impact—the turning point for companies struggling to get traction internally. Once the company understands the operational risk and the real cost, working toward remediation becomes natural. “What can we do to reduce this exposure?” is what any owner or board of directors will ask!
The answer, of course, is data security and management. And again, Micro Focus tools can help.
For unstructured data, Voltage SmartCipher can automatically protect any file, encrypting it and attaching policy that defines the access rules. In concert with FAS, CP, and EA, this can automate the protection process based on file location and/or content.
Structured content can be protected using Voltage SecureData’s Format-Preserving Encryption (FPE), Secure Stateless Tokenization (SST), and Format-Preserving Hash (FPH). With these technologies, most business processes and analytics can operate on the data in its protected state—reducing risk, maximizing protection, and, best of all, requiring minimal or no code changes.
With a robust data privacy and security program in place, companies can describe how they have reduced exposure to cyber-attacks and data breaches, improving confidence for customers, investors, and employees. With help from Micro Focus tools, any company can shift from struggling with data privacy to a new approach that lets them realize that 2.7x ROI!
There’s a great opportunity to learn more on this topic. Be sure to register for the Micro Focus Virtual Universe North America conference. For more information on a business-driven approach to data privacy, here are four sessions we especially recommend:
Tuesday, May 19, SRG – Track 2:
- 12:00 p.m. – 1:00 p.m. CT: Track keynote: Secure Digital Transformation: Focus on Outcomes, John Delk, GM, Security Risk & Governance
- 3:00 p.m. – 4:00 p.m. CT: “You Can Have Security Without Privacy…” with three customer guest speakers from Allstate, Fiserv, and BMW Financial Services.
Wednesday, May 20, SRG – Track 2:
- 1:30 p.m.–2:30 p.m. Workshop: Securing Data in the Cloud
- 3:00 p.m.–4:00 p.m. Workshop: Sensitive Data Management - The Journey to Privacy
Micro Focus Virtual Universe North America – we look forward to “seeing” you there!