3 Big Reasons Why Your ETL Should Provide Strong Data Protection

Highly advanced ETL tools already come with strong built-in security features for protecting data. These features should not be taken for granted. In this post, we’ll outline the main reasons why security should be a major consideration in every enterprise-class ETL solution.

1. Crippling cost of cyber crime

One of the key takeaways in Ponemon’s 2012 Cost of Cyber Crime Study was that the average annualized cost of cyber crime was already at $8.9 million per year, which translated to a 6% increase from the previous year. Another key takeaway was that cyber crime affected all industries. In other words, no organization is immune to it.

These costs are mainly due to information theft, disruptions to business, as well as costs associated with recovery and detection.

But why is cyber crime on the rise? Number two will tell you why.

2. More data to protect than ever

Companies are gathering more and more data from people, whether they be customers or employees. A big part of the data being collected consists of personal information (e.g. names, addresses, social security numbers, bank account numbers, driver's licenses, etc.) and other sensitive data. Incidentally, this information can be used by cyber criminals to perform identity theft and other nefarious acts.

In addition to personal information, companies also store financial data, trade secrets, source code, blueprints, and other confidential information, which in turn ends up in the crosshairs of fraudsters, corporate spies, and disgruntled employees.

This explains why ETL processes, which practically all of the business-critical data in the company goes through, need to be backed by advanced security features for masking or blocking sensitive information from unauthorized access. If data is ever lost, consider a recovery service like RAID server recovery.

3. Regulatory compliance

In the United States and the European Union, businesses are subject to a wide range of legislation on data privacy and corporate governance. These laws and regulations impose strong penalties, as well as reputation-damaging data breach notification requirements, on companies that are caught violating their provisions.

Some of the most highly publicized laws include the following:

PCI DSS (Payment Card Industry Data Security Standard) – Covers merchants, processors, acquirers, issuers, service providers, and other organizations that handle credit or debit card information.

HIPAA (Health Insurance Portability and Accountability Act) – Covers organizations in the health care industry that handle electronic protected health information (ePHI). ePHI is individually identifiable information that relates to the physical or mental health condition of a person.

EU Data Protection Directive – Covers both European and global companies that operate in the EU. Just like most data privacy laws, the Directive is aimed at protecting personal data.

SOX (Sarbanes-Oxley Act) – Covers publicly traded companies operating in the United States. This law calls for stringent measures for establishing internal control and corporate governance.

Because ETL processes involve vast amounts of data and are responsible for extracting it from various sources and then loading it into data warehouses and data marts, security officers, database administrators, and security consultants should know: which regulations apply to them; what specific data requires protection; where this data is collected, transmitted, and stored; and a host of other security-sensitive considerations.
