Mary Robbins discusses how DevOps can help the finance industry protect personal data
This article was originally published in the Autumn 2018 issue of The Record.
These are exciting times for the financial services industry. New technologies and innovative tools are helping companies deliver more advanced products and a higher level of customer service.
But these are also challenging times. New data privacy legislation like the General Data Protection Regulation (GDPR) in Europe will soon be joined by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act in New York, the Consumer Privacy Act in California, the Personal Data Protection Bill in India, and many others around the world.
A common strand running through every regulation is the requirement to protect personally identifiable information, prompted by the increasing number – and size – of data breaches.
Unsurprisingly, hacking is the major cause and accounted for 59.4% of breaches in 2017 according to the Identity Theft Resource Center. Importantly, however, 22% of breaches were down to internal issues such as employee errors, accidental exposure, and insider theft. It’s this area where companies need to focus their attention because it means changing the way they maintain current services and develop promising new ones.
Many will be driven by an application which has a database at the back end to collect and process customer data – the kind of data the new data privacy regulations are designed to protect, and which goes far beyond the usual suspects like credit card numbers.
Those applications and databases will often be developed using a DevOps approach, which helps to create and update software faster. Instead of relying on ‘big bang’ releases every six months or so, DevOps encourages software teams to release small changes often. So features reach customers sooner, the value of developing them is gained earlier, and companies are more competitive.
This is where the problem lies because Redgate’s 2018 State of Database DevOps Survey revealed that 67% of organisations use copies of production databases in development to test changes. Those copies contain the personally identifiable information which now needs to be protected.
Big enterprises have used bespoke data masking solutions for a long time, but the cost has been a barrier for many companies. However, mass market tools like Redgate’s Data Masker are now emerging.
Offering a simple, repeatable process which can be applied whenever test databases are refreshed with production data, it means companies can still use DevOps in database development to release changes faster, while keeping data safe. Welcome to the new world of compliant database DevOps.
Mary Robbins is DevOps Product Marketing Manager at Redgate Software