According to a 2018 Opus/Ponemon Institute study of 1,000 CISOs and risk professionals in the U.S. and UK, companies share confidential information with, on average, 583 third parties.
Approximately 59 percent of companies say they have experienced a data breach caused by one of their vendors or third parties over that year.
US data protection company, Baffle, has now released its Data Masking and Exfiltration Control to help with the situation; the technology presents a masking and exfiltration solution that ties access control and usage to data-centric encryption to provide an end-to-end data protection solution.
In addition to data protection that protects data in memory and in use while allowing operations on encrypted data, Baffle Data Masking and Exfiltration Control extends access control capabilities to protect data as it leaves an organization and creates a simple way for businesses to responsibly share data with third parties.
The service offers two key features designed to protect businesses from common threat scenarios:
- Data Masking: Without modifying applications, businesses can mask and protect data in test and development environments, and when sharing data extracts with third parties across the supply chain. This minimises risks during data breaches with massive data exfiltration.
- Dynamic Data Entitlements: Businesses can set policies that limit access to highly sensitive data, such as a human resources or customer database, based on user or organization identity to ensure data privacy and minimize the risk of data leakage.
In both cases, an attacker would not have access to any data in the clear, which helps reduce the available attack surface to steal data and minimizes data breach risks which all businesses face today.
Furthermore, businesses can identify and responsibly share data with third parties, controlling which portions of the data are relevant for each third party, without overexposing their datasets and sharing it in the clear.
Ameesh Divatia, CEO and cofounder at Baffle, said:
“Data breaches continue to occur unabated because companies aren’t protecting data at the source. The vast majority of high-profile breaches, such as Yahoo, Equifax, Marriott, Capital One and others, result from the fact that companies are already compromised.
“The logical response to this type of threat is to protect information in a data-centric manner and work to protect against mass ‘smash and grab’ data exfiltration operations. Baffle Data Masking and Exfiltration Control gives businesses peace of mind to securely share data with third parties, all the while knowing their data is secure from both external and internal bad actors,” Divatia continued.
The post #Privacy: US enterprise launches technology to offset data breach risk appeared first on PrivSec Report.