Quote of the day: “It’s not the years honey, it’s the mileage”
Indiana Jones, Indiana Jones and the Raiders of the Lost Ark
Depending on your age, you either remember when you first saw Raiders of the Last Ark or it was the precursor to every action movie you ever watched growing up. As I contemplated the subject for this post, the climactic scene from Raiders, when they open the Ark, kept coming back to me. In fact, the entire movie is a great metaphor for PII.
PII Organizations everywhere have massive amounts of data they want to mine. They know their path for their very survival to complete market domination lies in data. Their challenge, as you probably live every day, is how to use their data legally and do so without opening an ark that could unleash the wrath of super natural forces upon them (or at least serious financial and reputational losses.) While they are just like Indiana Jones, confident they can safely study it for the benefit of mankind, we know there are evil people who want to steal and abuse its power, so in the end it just gets locked away because it is just too darn dangerous.
In our first blog post we discussed just the origins of PII Vault and the years we spent perfecting our technology. In this post we are going to concentrate on the mileage: just how far we have come.
After we built our technology and wanted to make it generally available, we set out to talk to as many industry leaders as we could reach. Fortunately for us, we had the contacts to get to many incredibly knowledgeable and successful leaders across multiple industries.
In our first few meetings to discuss our solution and to gather feedback, we allocated a fair amount of time detailing the problem. That approach came to a quick end when during our third such discussion we were told “You don’t have to convince me there’s a problem. I know there is a problem, everyone knows there is a problem. What I don’t know is if you can do anything about it.”
What incredible validation. Ever since then, our discussions have been able to concentrate on the specific problems the people we were meeting with experience trying to work with PII. Because it was no longer a question of ‘if’ they have a problem but how big the problem is and what are they doing today to address it.
As a result of many such conversations it appears there are four main types of approaches being taken.
- Organization-wide processes
- Enterprise-level software
- Data prisons
- Belloq’s
The first group, those that have an organization-wide approach, are often folks like research institutions. They have been collecting data for years and they have the attorneys, Data Use Agreements and continuous security audits to prove it. They are to be applauded because they have put in the time and effort necessary to make the data they store as safe as possible. The cost must be staggering but still, they are doing it.
The next group, those who use enterprise-level software, have also put in tremendous time, money, and effort. Whether they use one of the countless commercial platform solutions or built their own, they also impose incredible overhead to ensure security. Like the first group, they spend a huge amount to protect their data. Although they created a secure fortress for their own data, sharing or receiving data with others is still anything but easy. Seems that in this regard they are as limited and vulnerable as everyone else.
The third group are those organizations, like most companies world-wide, who do not have the resources or expertise to implement either of the first two options. They simply decided not to use their data for anything beyond its core purpose. Their data is locked away, never seen or used by anyone. They know they are sitting on a goldmine but are too afraid the mine could collapse to start. They are also to be commended. Why risk your entire organization on something you know you cannot adequately guard against? (Wow, if only there was some quick, cheap, and easy solution for them… ????)
Our final group are the Belloq’s of the world. Dr. Rene Belloq was the French archaeologist in Raiders who was Indiana’s arch-nemesis. He felt he could safely open the Ark and reap its powers. Once he put on a new hat, spoke some words of protection and opened the Ark, it even looked like he might be right. Belloq opened the ark, saw what he exposed and exclaimed “They’re Beautiful”. In our world it is as if he used his PII data without sufficient respect for the risks and gained some immediate benefit. But then, just like in the movie, things changed, the angels turned to demons and wiped out everyone who dared gaze upon the forbidden.
To switch metaphors, in our opinion the first two groups are essentially fences and guard dogs. They keep intruders out and promise a painful bite if anyone inside the fence reaches where they should not. Our approach at Anonomatic is completely different. Our solution (continuing this metaphor) is that we ensure there is nothing to steal.
Think of this from the perspective of a bad actor; maybe some foreign state or sophisticated criminals who want your data. They have the resources to keep attacking your defenses continuously until they find a way in. All they need is one slip, one email attachment opened by mistake, one patch not applied in time, or one employee who lost too much money playing online poker. The risks never end.
Now consider how this same hacker will decide which organization to concentrate on knowing one of them is protected by PII Vault. When PII Vault is in use, they know even if they could get into those systems, the data would be useless. Which system would you spend your time trying to breach?
Currently, your PII data is likely stored together with the data it identifies. You undoubtably have controls but if your PII is still stored with your Fact data you still have incredible risk. However, with a self-contained PII Vault container inside your firewall and under your IT control, your compliance people can say “Yes” to more PII based analytics efforts because access to the data your people need no longer implies access to any PII.
This simple shortcut illustrates just how far we have come. Ready to join us on our journey? Try us out, for free.