Podcast #14: Executive Edge with Global Mentorship Initiative CEO Jon Browning
Jon Lunitz interviews Jon Browning, CEO of Global Mentorship Initiative.

As COVID-19 moves business operations to employees’ home offices and kitchen tables, companies are contending with heightened security risks for customer data. In a time of significant disruption to normal operations, a well-planned security strategy is critical to keeping customers’ personally identifiable information (PII) safe and meeting compliance legislation.
With remote access adding a new vector of vulnerability to your company and customer data, data masking is an effective solution to maintaining security and compliance.
Work-at-home arrangements are inherently more susceptible to data breaches for a few different reasons:
Giving remote teams security knowledge and training can go a long way to ensuring data stays safe. Companies should be supporting their people in identifying threats, ensuring home networks and devices are secure, and using a VPN service to encrypt data.
However, even with these protocols and compensating controls in place, companies risk exposing sensitive customer data to malicious actors.
Whether through malicious intent or carelessness, the threat to customer data is often from individuals inside the organization who have legitimate data access privileges.
Put simply, in many cases, the problem comes down to TMI – too much information.
While production data is usually subject to strict security protocols, employees, contractors, third-party partners and outsourcers often have access to copies of that same data for use in less secure operations (e.g., software development, testing, training, customer care, etc.). For the most part, however, they need never see actual PII, like payment card information, social security numbers or email addresses, to carry out their job functions.
Having unnecessary access to all that data opens up a whole host of vulnerabilities. And when business processes are outsourced, it can present a particularly dicey situation since companies relinquish control of the environment in which customer data is stored. From a customer service agent clicking on a sketchy email link to coders working in an insecure development environment, insiders can easily leak sensitive data to malicious actors or create weak spots in the company’s perimeter.
Data masking circumvents this problem by guaranteeing that sensitive data is available only to the employees who require it to do their jobs, and only in the moments when they need it.
The main principle behind data masking is that data remains usable, but the actual values themselves are obscured. By retaining the format of the data while altering the values, data masking creates a structurally similar but artificial version of production data that can be used for development, testing, training and more. Teams have access to functional data they can use to do their jobs, without ever having to see customers’ personal information.
Companies can use data masking selectively to protect a variety of data, including customers’ banking, contact, health and other personal information, as well as employee data and intellectual property. Protection can be applied to a specific type of data (e.g. payment card information) or to specific data objects or subjects (e.g. home addresses of employees).
There are a few different ways values can be changed in data masking but, in all cases, the alterations must be undetectable and impossible to reverse engineer. Methods like encryption and redaction ensure users cannot see data unless they have the required privileges. Character scrambling, substitution and shuffling use existing data, but alter it so that the values themselves are jumbled or swapped with different values that still look authentic.
Ultimately, the strategy a company uses to implement data masking depends on the size, location, complexity and usage of its data. Generally speaking, there are two different types of data masking: static and dynamic.
By understanding the flow of enterprise data, mapping where PII exists and identifying who needs access to it, data masking controls and monitors all data interactions without locking down data. In this way, it protects employees from seeing too much while giving them the tools they need to perform. Moving forward, data masking ensures businesses can continue adapting to novel work arrangements safely while keeping security, operations and innovation paramount.
Jon Lunitz interviews Jon Browning, CEO of Global Mentorship Initiative.
ibex Financial's first Speaker Series of 2020 = VICTORY
How Wave Zero quickly equips leaders to know the way, go the way & show the way.