NEW YORK (TheStreet) -- The era of big data has made the massive databases around the world more precious and valuable than ever, yet it's also made them more subject to hacker targeting than ever. As the Bradley Manning and Edward Snowden cases have helped highlight over the past 12 months, a lot of the most damaging data breaches at both the corporate and government levels are coming from within the organization itself; data is at the greatest risk of exposure when access becomes more convenient.
Organizations across the private and public sectors are now becoming acutely cautious about the threat of internal perpetrators, creating a proliferation of demand in the young market of data masking where a select few companies have landed a coveted spot in Gartner's Magic Quadrant based on their effective vision and execution.
Informatica (INFA) CEO Sohaib Abbasi recently summed up during a conversation with TheStreet that "the whole data security market is being transformed."
Informatica is one of the companies highlighted in the Magic Quadrant for its data masking work. "The old way of doing analytics or data privacy was to secure the perimeter, to keep the bad guys out," he explained. "But in this new world, there is no perimeter. Data is on premise, data is in the cloud, data is in social media, data is on mobile devices, data someday will be on sensors. Where is the perimeter? There is no perimeter anymore. So most customers recognize that they need to take another look and ask themselves what it is that they're trying to secure."
"Are they trying to secure computing resources against denial of service, which is of course very important, or is it more important to protect the privacy and security of the data?," he stated. The answer is, "at the end of the day, the most important IT asset is the data, so they're increasingly becoming aware that they need to have an inside-out approach to data security. And they must secure data at the source."
Suitable for preventing outside attacks, but also capable of protecting against inside attacks, data masking enables the creation of realistic-looking data to hide or cloak the actual real and sensitive data in a way that cannot be distinguished by applications and often the naked eye. The two main categories of data masking -- dynamic masking trend and interceptions of database access -- are based on user security entitlement levels, and static masking, also known as permanent or persistent masking, used mainly during testing processes as with programmers for instance.
Joseph Feiman, Gartner's lead analyst in data application and security, says highly data-sensitive organizations in industries including financial services, healthcare, and government are all components of the thriving demand for data masking technology in the U.S., Canada and the European Union. Driven by their preoccupation over internal attacks, their worries are also being compounded by the increasing pressure coming from government and global industry data-privacy regulations, according to Feiman. Customers are more and more being faced with extra incentives to invest in data masking services.
Overall, Feiman expects an escalation in the data masking market growth trajectory of more than 30% to 40% a year after watching the marketplace grow to $200 million in annual revenues last year, up from essentially non-existent just five years ago. Feiman says the numbers would show even more progress when factoring in the revenues from all the other data masking suppliers of the world, tservices that revolve around data masking, as well as the enterprises that do data masking for themselves, which eventually may see their technology being replaced by those of specialists, according to the analyst.
"There's no doubt for me that the market will continue growing even faster than now."
As outlined in the Gartner Magic Quadrant, Feiman say the leaders in data masking technology right now are Informatica and IBM (IBM), first and foremost, followed by Oracle (ORCL), again as defined by their vision as well as their execution in the marketplace.
"Now, Informatica," said Abbasi, "knows more about the data than any other company. We know what the data represents, we know how the data is derived, we know how the data travels from one location to another. So we are in a very good position to continue to deliver innovative offerings in an area where we're already known: data masking," he said.
"We're already a known leader and we will continue to innovate for the next generation of data security."
After speaking with Informatica's CEO, TheStreet also had a conversation with Amit Walia, the senior vice president and general manager of the Informatica's Information Lifecycle Management unit that is spearheading the firm's security strategy.
Here, Walia dives into the topic of data security and data masking trends, and how Informatica is leading the expansion of the space:
Tse: What are your investment plans for data masking in 2014?
Walia: At Informatica we strongly believe that a big part of data is ensuring it whether it's secure. Whether it's security from a privacy or a breach point of view. That's a very integral part of the overall customer base point. So that's an area of masking, security and compliance that we are putting big bets on, and you will hear from us as we unfold during the year.
So let me step back. From a data masking point of view -- it's a very important part of our portfolio. We are a leader in the Gartner Magic Quadrant and with our persistent and dynamic data masking we have probably the most comprehensive portfolio in the market, which basically puts us in the leaders quadrant. And we've invested heavily and we've made acquisitions in the past, and right now we are making heavy investments.
The business unit information lifecycle management which is one of our very, very rapidly growing businesses is heavily focused on security and data management -- we're putting big, bold moves there.
The investment is not only significant, but it is growing.
Tse: Are there any more data masking acquisitions in store for Informatica?
Walia: We're always on the lookout for acquisitions, basically. The point I make is that security is a very important area for us.
From an acquisition point of view, we're going to make investments both organic and inorganic. There, we accelerate our R&D internally -- we run there with our internal investment. There we think we have customer needs -- there is a great opportunity out there and we have to move quickly. There is a great opportunity out there to acquire -- we will do that. Again, we look at both organic and inorganic growth to move quickly to solve customer needs.
Tse: What is about the regulatory environment and nature of internal cyber attacks lately that have been driving a take-off in data masking demand?
Walia: I think that's a great question. You know, data privacy is becoming very big if you look at Europe.
I was just in Europe last week, and I was in Germany and Spain, and I met with large insurance companies and financial services companies. And if you look at data privacy in Europe, there are EU regulations and they are mandated to abide by those regulations, otherwise the compliance costs would become very high for them. Obviously data cannot not go beyond the boundary of a company -- also data cannot be accessed by non-EU employees. And of course today in an organization you don't want data to be available to everybody and anybody.
So data privacy is a big driver, compliance is a big driver -- that's all one big driver. Data security is another big driver. Think about two different kinds of drivers. One is the malicious -- the outsider coming in. The other one is, I call it an ignorant or a malicious impact.
If you think of sensitive data within an organization from a production database or a production application -- think the employee social security number. Nobody really needs to access that except for maybe the head of HR. But there are a lot of people who generally need to access that data. So you need what I call security controls like masking, that allows the organization to be agile and have data be available to the business user, but it's masked, so when they're accessing the data they're not seeing the real thing.
So there are some very fundamental drivers around data privacy, data security that are driving the huge demand for masking and the issues are all around increasing compliance or reducing breach risk or malicious risk. We are seeing the demand there and we can help organizations be nimble and be secure at the same time.
Tse: What is the data masking trend at financial institutions, which of course makes up a bulk of your overall customer base?
Walia: FIs are -- they have the most amount of reservations and the most amount of sensitive information. Lots of data, lots of users want to access the data but there are many tough regulations. So they are sitting in the eye of the storm.
What financial institutions are struggling with is "how do we avoid test on hacks from the outside on their system data and also reduce any kind of inadvertent access to sensitive data from both their production and non-production systems?" So to make sure they comply with regulations so they do not get fined -- and clearly it's a huge brand image issue too.
It's very, very painful. Rolling out new applications. ... "how do I give access to data to testers so it's secure" and how do they give access for their production data to users who want to get that data. Creating a single policy and a single engine and a single base is what they need and that's where our masking solutions come into play.
They are using our persistent data masking solutions to roll out new applications rapidly so that testers can get access to real production data input fast. Also at the same time, when business users or analysts want to access our production data for running analytics or making decisions, our dynamic data masking masks that data so they don't see the real data but can access it to make decisions. So FIs are struggling with that and that's why they're using us. We are the data management platform. PowerCenter has been the platform for years. We are on PowerCenter which makes it very easy for them start using our solutions.
Tse: Which customers sectors will always be Informatica's staples in data masking and which are emerging?
Walia: Some of these are obvious, some of them are coming up fairly rapidly. Clearly financial services is a staple, and financial services is a broad one ... insurance. The insurance sector is going through an explosion especially in the U.S. with Obamacare where they have to now move away from working with brokers to directly working with customers. They want to use that data to get to customers but security becomes a big play there. So the financial services and the insurance sector.
Healthcare broadly, they have so much sensitive data. They want doctors to use it, they want their business users to use it, they want analytics on it but again there's the security issues. There are many questions about data security there as well as privacy.
The third one is telcos. They have a ton of data from individual consumers they are using to become a services provider. That's an area where they have to focus on. And especially e-commerce. You know about Target (TGT) right. How do you manage that set of sensitive customer data? E-commerce is exploding. How do you maintain security as you continue to grow your business?
So financial services. Broadly insurance. Healthcare. Telcos, E-Commerce. Retail. We see them grow very fast.
And believe it or not we are also seeing it from manufacturers as these manufacturers or logistic companies are being integrated e-commerce companies. They have a ton of sensitive data as well from their suppliers. They want to keep it secure because if they want to serve Walmart (WMT), they don't want to mess it up. So those are the larger macro industries that we see. But a lot of their industries want to be compliant to a Walmart or a Target. So that's how I see the landscape.
Tse: What's helped you retain your market leadership position in data masking?
Walia: Oh absolutely. I think we lead for a variety of reasons. Number one is we have the best technology, and what I mean by that is ours is not only the most comprehensive masking solution -- we are the only one that has the best blend of both persistent and dynamic data masking. Secondly, our solutions are the most non-intrusive and easy to deploy, so it does not need a lot of infrastructure or cost for an organization to implement our solutions.
It's very easy to roll out, very easy to manage, and very non-intrusive so they do not provide any additional ad-hoc cost or intrusiveness for IT and the business user. Also our persistent data masking which is part of our test data management solution is on the Informatica Power Pack which makes it a lot easier for organizations to deploy because we already have PowerCenter deployed -- it's very easy to manage on the PowerCenter costs. And we are making heavy inroads into expanding our technology so it's very easy to build our dynamic data masking big data.
One of the biggest challenges around big data right now is that it's not secure. We talk to a lot of big companies that want to move the data but are worried about putting their production there. Our data masking supporting big data is helping accelerate that option.
This is a pivotal point to help them move to cloud data and to do that more and more. So there are a lot of technology investments. We are bringing on board more people both in the U.S. as well as across the globe, the best security people. And then as you're expanding the global market. All those things are helping us grow and expand our leadership position in the Magic Quadrant.
Informatica has a very unique position where we are looking forward as we are stepping forward and driving that with investments.
We think we can take security into a completely new way of thinking about it. Today's approach, where it's all outside by infrastructure ... network security, endpoint security, server security, file system security. All the focus on all securities is to protect data. It doesn't matter if you have protected the network. If something has hacked through the network and gets access to the data, your network security is a waste at that point.
We are at the data level. We know all of this is data. "What is it?" That's the problem that customers have -- they don't even know what all their sensitive data is. We know where their sensitive data is going and we can get access to which users are getting access to it. We are looking to bring that information together to give our customers a very unique insight into their data risk -- data intelligence, data security intelligence, or data risk intelligence. Something nobody else can do but Informatica.
That's an area where we can create a central nervous system that almost that feeds into your entire security asset to tell them "here's the sensitive data, here's where it's going. Put these security controls on it, and carry these security controls wherever the data goes." So even if you get hacked, you've already identified the sensitive data and you can put some security controls on it and you can track and monitor it. This is where we are going -- only we can do that. We can be the central nervous system of an organization's data-centric security that nobody else can. And we can purely make security secure by driving data-centric security.
That's where we are going. We think it's a very, very fascinating market where we can play big.
-- Written by Andrea Tse in New York
>Contact by Email