Masking PII: Minimize Your Risk and Stay Out of Trouble

Written by Mike Dupuis

July 26, 2022

Consumers expect their personal information to be safe in your hands as they use your apps, services, and stores. Even in-person retailers collect customer data for loyalty programs, shopping history, and more. Regulators and auditors expect the same, and while we’re at it, let’s add investors, board members, and partners to the list of people who expect all customer data to be secure at all times. In this blog, we’re going to look at why data masking needs to be at the center of your customer privacy stance.

It’s All Fun and Games

Until somebody gets hit with a nice big fine for millions of dollars for how they manage customer data. In reality, it’s a significant challenge for companies: trying to keep up with all the new rules for properly storing and processing PII can feel like a game of musical chairs because of all the chaos and moving parts. You’ll want to make sure you have your ass in a seat or at least look like you know how to play the game when the music stops and an audit comes your way.

If you’re looking at it from a regulator’s point of view, the game looks less like musical chairs and more like Hungry Hungry Hippos with all of the penalty money being gobbled up. Compared to the less than $200 million in fines handed out in 2020, there were over $1.2 billion in 2021. If the trend continues, 2022 could be a tough year for many companies, and one of them could be yours.

In addition to the fines that get handed out like candy, organizations also face a reputational risk that can cause some severe headaches. Imagine your company’s name in the headlines on the news for weeks on end, talking about how you don’t care enough about your customers to keep their data safe and following your story as your executives get dragged through all kinds of legal proceedings. Sounds like fun, right? Let’s look at how to avoid a GDPR fine by using a data masking solution.

Data Masking: Let’s Play Chutes and Ladders Instead

With Cribl Stream as the middleman between your data collection and data storage tools, you can send each piece of data up and down as many modifications and storage paths as you want without being subject to a roll of the dice. Like chutes and ladders, Stream works with a series of pipelines and routes that process events in your system. You create the functions that determine which routes the data takes, all within Stream’s user-friendly interface.

Stream allows you to create copies of events to store the original within your security team’s infrastructure or in a low-cost observability lake, and depersonalize any copies you want to share with relevant parts of your organization. We also make it easy to identify data that you may not be masking but should. This way, you can make sure you get the most value out of your data without incurring any of the risks associated with GDPR. You’ll never ingest data that you’ll regret having later. Our docs section shows you exactly how to implement it, and we’ve also included a video below showing how it works.

Hide, Seek, and Replay

Redacting PII and making sure that data ends up in proper storage is super important, but it’s also crucial for you to be able to recall the data if necessary – and all the better if recalling data is quick and painless. Under GDPR, enterprises must be compliant, and they need to be able to demonstrate that compliance to auditors. The more quickly you can get this done, the faster you and your team can focus on value creation.

You can use Stream to send copies of data to low-cost storage, saving you the headache of trying to guess ahead of time which data to keep in “hot” or “warm” storage in the case of an unexpected investigation. Keep your SIEM and UEBA tools working as efficiently as possible by not overwhelming them with extra data, then use Stream to recall and replay any data you need straight to your analytics tools.

Stream’s replay feature lets you jump into critical logs, metrics, and traces as far back in time as you want so that you and your new auditor friends can see whatever they need to without issue or delay. What’s more, you have the option of replaying only the parts that pertain to a security incident if the time comes.

Data Masking: Steer Clear of Cops and Robbers

With GDPR and the constant creation of data privacy laws, it’s more important than ever that data is protected from unauthorized or unlawful processing. Use Stream to stay ahead of regulators and away from hackers — and be ready if one of them tries to sink your battleship. Your customers’ trust depends on it.

