• Cyber Jack

ARM Insight CEO Randy Koch Talks Synthetic Data, How the Revolutionary Tech Can Help Secure PII

In this Q&A with ARM Insight CEO Randy Koch, we discuss synthetic data, the revolutionary technology that's keeping highly regulated organizations out of data breach and compliance violation headlines.

What is synthetic data and what are its benefits?


Synthetic data mimics real data while removing any personally identifiable information (PII) of the customer. Synthetic data makes minor and random field changes to the original data set, completely protecting the consumer identity and transaction. When properly synthesized, it cannot be reverse engineered, yet it retains all the statistical value of the original data set.

Organizations that use sensitive data can freely bolster product or service development using data insights with virtually zero risk. Organizations can dig down in analytics to understand customer behaviors and preferences, including spending; customer segmentation for marketing; or fraud detection to name just a few applications. Additionally, synthetic data can rev up machine learning and artificial intelligence engines with an influx of valuable data. This allows data owners to innovate new products, reduce operational costs and produce new business insights – without concern for the normal ramifications of data breaches that spill personal information.


Most importantly, synthetic data helps fortify cybersecurity and compliance programs in this age of data breaches and resulting stringent regulatory measures.

Think about it: If a hacker or insider threat get their hands on data – like in the Capital One or Equifax breaches – but it was synthetic data they got a hold of – it would be useless for the criminals’ normal routes to illicit profit.


With the PII stripped away during the synthesizing process, organizations that make synthetic data part of their process don’t need to bend over backwards to comply with complex laws like the Gramm-Leach-Bliley Act (GLBA) or the California Consumer Privacy Act (CCPA). The risk reduction and cost savings are incalculable.


What industries could use synthetic data?


Synthetic data can be used by organizations in any industry. Obviously, highly-regulated industries like financial services, where we focus today, that cannot afford to make a mistake with compliance and security benefit the greatest.


Healthcare organizations, for example, hold a tremendous amount of patients’ personal information: social security numbers; addresses; records, etc. If an organization doesn’t have synthetic data in place, there can be a lot of fear over data security and compliance issues. It may even stifle medical innovation, collaboration or patient care. But if synthetic data is in place, it can open the doors to faster and more accurate diagnoses.


For instance, if a practice has a patient with a rare tumor and the practice doesn’t know whether the tumor is benign or whether it's cancerous, they’ll want to share patient MRIs and tests with as many experts as possible. However, the practice could be very afraid to share the patient data with others because of the Health Insurance Portability and Accountability Act (HIPAA). But if you synthesize critical data, i.e. change the Personal Health Information (PHI) about the patient and the transaction information, now the practice has synthetic data that can be shared freely throughout the healthcare ecosystem and used to get better, faster treatment answers.


Synthetic data comes into play even more when executing on cutting-edge medical processes; such as when artificial intelligence and machine learning are used to identify tumors by looking at thousands of MRIs and tests in just minutes.


Previously, with stringent compliance and data security challenges, it would take months for multiple doctors to view thousands of MRIs and come to a diagnosis or treatment conclusion. Without the fear of security and compliance, data flows freely and cutting-edge medical technology can finally do its job and crunch thousands of data points quickly.


How easy is it for synthetic data to change industries?


Right now, our synthetic data technology that is tailored to financial services should only take around 12 months to be applied to other industries. We have a powerful platform for the financial services industry, but before diving into other uses for our technology, we need to ask ourselves: what’s different across other industries? Synthetic data technology must be properly adjusted to each industry it is serving, based on their needs. Industry education and understanding the specific problems that require solutions will be an important component of that transformation.


What advice would you give to leaders who are on the fence about implementing synthetic data technology?


Assuming that you believe that data is vital to the health of your company and industry, you have no choice but to implement a detailed data strategy. You must constantly think about how you're going to work with data while keeping privacy, compliance and security intact.

A typical data strategy makes a split between two general categories: extremely sensitive data that’s simply collected and kept under lock and key; and the data you’re willing to share with others and use for business (analytics, insights, innovation). Synthetic data dramatically increases the amount of data you’d now be willing to share with others and use for business because privacy, compliance and security are no longer an issue. It’s very clear that synthetic data removes massive roadblocks and enables business and innovation. It’s just a matter of ensuring your organization is committed to data transformation.


Synthetic data isn’t necessarily a big investment or lift – it just needs leadership that works hand-in-hand with their C-suite to execute properly. Synthetic data is increased security. It is increased revenue. When those two results are combined, shareholders win and business thrives.


For more information about ARM Insight, visit: https://www.arminsight.com/

  • LinkedIn

©2020 by Enterprise Security Tech