Best Western Uses DataMasque on AWS to Stop Data Breaches and Automate Key Processes

Data breaches can be catastrophic for large enterprises. In addition to potentially destroying a company’s reputation, breaches are often extremely costly. Statistics show the global average cost of a data breach was $4.24 million in 2021, up from $3.86 million in 2020.

Best Western Hotel and Resorts is serious about preventing data breaches. The global hospitality organization, with 18 brands and 4,700 hotels worldwide, needs to protect sensitive customer information to comply with data privacy regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). 

For many years, Best Western relied on an internal solution to conceal non-production data. Commonly termed data masking, the process modifies data so that it’s of no value to unauthorized intruders while remaining usable by the business. However, as the company continued to move more workloads to Amazon Web Services (AWS), it discovered the current data masking solution wouldn’t work effectively on the cloud. “We use a lot of personally identifiable information (PII) data in our QA testing and development environments, and our homegrown solution was both slow and difficult to maintain. It required a lot of manual management, and we needed an automated solution,” says Joseph Landucci, director of technology management for Best Western. “We were also concerned that the solution’s masking rule scripts would become dated very quickly. We’re all-in on AWS and this critical piece of software needed to work on the cloud.”

Best Western’s search for a cloud-based data masking tool led it to DataMasque, an AWS Partner offering a masking and obfuscation solution running on AWS. Before data leaves the production environment, DataMasque simply and irreversibly replaces the sensitive data with realistic, functional, and consistent values. “Non-production environments are one of the biggest areas for breaches. Because of the nature of these environments, they typically have sub-standard security and governance measures compared to production with significantly more users, including third party vendors,” says Grant de Leeuw, CEO and co-founder of DataMasque.

DataMasque is a cloud first solution that supports self-managed databases as well as fully managed cloud database services such Amazon Relational Database Service (Amazon RDS), Amazon Aurora and Amazon Redshift. “The fact that DataMasque runs on AWS was key for us, because we’re trying to do everything on AWS now,” says Landucci. After purchasing and downloading DataMasque from AWS Marketplace, Best Western began conducting a proof of concept (POC), using the solution to mask data in its non-production databases. 

Because DataMasque removes sensitive data from its non-production databases, Best Western reduces the potential cyberattack surface area. This mitigates against data breach opportunities and subsequent financial penalties. “In terms of public relations, nobody wants to be the next big company getting breached and having private data exposed,” Landucci says. “DataMasque helps us lower the likelihood of a breach and secures our customers’ data, which means we avoid expensive regulatory fines.”

Best Western is automating data provisioning and masking by using DataMasque on AWS. “DataMasque scans all our production data automatically. It’s a powerful and easy-to-use tool,” says Landucci. By implementing DataMasque into its pipelines, Best Western saves time by eliminating previously manual data preparation processes. “DataMasque runs much faster than our internal solution, taking just 2 hours as opposed to 6–8 previously,” says Landucci.

In addition, Best Western expects to gain cost savings once DataMasque is running in full production. “Because it runs on AWS, we can spin DataMasque up or down and only pay when we use it,” Landucci says. “We’ll also be eliminating licensing costs for our DevOps data platform.”

Best Western is also testing the DataMasque proactive sensitive data discovery tool, which helps ensure its data masking rulesets are up to date. The tool continuously scans the company’s databases and automatically identifies and highlights fresh, unmasked data. “When there’s a new table or column added in the database that holds potentially sensitive data, the tool alerts the user to protect the data,” says de Leeuw. 

With this capability, Best Western will be able to spend less time keeping data masking current and more time on development. “This will provide improved data and help us develop faster, so we’ll be able to reduce time-to-market for new products and features,” says Landucci. “For instance, we can develop offerings that add value to the business and increase revenue, such as creating new marketing products.”

Once it moves DataMasque into full production, Best Western also plans to replace its current DevOps data platform. “The POC showed us how we can prevent breaches and automate key processes using this solution,” says Landucci. “We’ll continue to make DataMasque a bigger piece of our data pipeline and integrate it further within our existing AWS environment.”

visit AWS Marketplace