Digital transformation is changing the face of the modern data-driven enterprise. The 2019 Thales Data Threat Report-Global Edition found that 97% of organizations surveyed are implementing digital transformation with 37% reporting aggressive transformation.
Digital transformation is essential for enterprises to serve customers better, improve operational efficiency and ultimately create key competitive advantages. However, digital transformation is also a significant vulnerability that can raise an enterprise’s risk profile. The report shows that 97% of enterprises adopting digital transformation technologies use sensitive data within these new environments, but only 30% use encryption to protect data in these environments.
Leaving sensitive data unprotected in digital transformation environments such as cloud, big data, IoT, containers or mobile payments is a major threat to any enterprise. The 2019 Thales Data Threat Report also mentions that 60% of respondents said they have been breached at some time in the past, and 30% were breached in the last year!
Compliance Takes Center Stage
Raising the stakes for enterprises, new privacy and data protection laws are being enacted around the world to protect consumers in the digital universe. The state of California, the world’s fifth largest economy by GDP, has enacted state law AB 375, otherwise known as the California Consumer Privacy Act (CCPA). The act, taking effect January 1, 2020, is similar to the EU’s General Data Protection Regulation (GDPR), and will require companies around the world to observe specific regulations when handling the data of California residents.
Brazil has also just passed its own data protection law called Lei Geral de Proteção de Dados (LGPD). Broadly similar to both the GDPR and CCPA, the LGPD applies to any company that has a branch in Brazil or offers services to the Brazilian market and collects personal data located in the country. And that’s not all. Argentina also has a data protection bill in final review by the legislature, and other countries have started their own working groups to consider data protection matters.
However, digital transformation is creating a complex hybrid IT environment that is a major challenge for the protection of sensitive data. Existing platform-based security solutions cannot protect data as it flows throughout the enterprise, across multiple cloud-based and on-premises systems. Enterprises must focus on the protection of the sensitive data itself, wherever it goes. The adoption of pseudonimization and anonymization solutions, based on encryption and tokenization technologies to protect an enterprise’s most sensitive data, is a key component of any compliance program to reduce an enterprise’s risk.
Thales has a proven track record of deploying advanced data security solutions and services that help enterprises comply with complex mandates such as PCI and legislation such as GDPR. Whether an enterprise is migrating to the cloud or adopting containers, big data, IoT or any other transformative technology, Thales can help secure their most sensitive data and give them peace of mind to accelerate their digital transformation.