November 12, 2024 – Prime Factors, a leader in application-level data protection, has been recognized as a Sample Vendor in the Gartner Hype Cycle for Privacy, 2024. 

According to Gartner, “By 2026, fines due to mismanagement of subject rights will have increased tenfold from 2022 to over $1 billion.” Gartner states “Privacy remains a top concern for boards, executives and consumers as the hype around AI draws focus on the need for additional safeguards around personal data.”  

“We understand that the stakes are high, and we believe that emerging regulations, standards, and compliance requirements will continue to drive both the growth and complexity of data protection use cases, especially as enterprises leverage a variety of security techniques together to enforce privacy of data at the moment it is created or consumed in applications," said Juan Asenjo, Prime Factors Director of Product Management. “Prime Factors remains passionate about creating data privacy solutions that help simplify this complexity while also minimizing deployment times and cost of ownership.”  

In the report, Gartner states, “FPE (Format-Preserving Encryption) is an important anonymization technique to support data protection, compliance and privacy requirements. It can also reduce the risk of data residency, hacking or insider threats by controlling access to data.” Gartner explains that “FPE helps organizations meet data protection and privacy regulations and data residency requirements to protect personal, health, credit card and financial data, and to adhere to data breach disclosure regulations.”   

However, Gartner cautions that “Encryption keys not managed by resilient life cycle best practices and EKM (Enterprise Key Management] could lead to the loss of larger amounts of data if the encryption keys are lost.” Gartner recommends that enterprises “Ensure FPE is deployed and managed as part of EKM to ensure consistent centralized policy control and strong crypto-agility, and avoid control by nonsecurity admins if provided natively by a platform” and “Monitor and audit all user and administrator access to sensitive data, even when FPE is deployed.” 

The research also points out that “Proactive risk reduction can be achieved through competent data life cycle governance and pseudonymization techniques, such as encryption, masking and tokenization.” The report recommends to “Look for vendors that enable integration to a broader enterprise key management system and complementary encryption and privacy-enhancing computation techniques.” 

“We see one of the most important aspects of modern data protection and privacy as the ability to couple various security techniques for the overall improvement of security,” Asenjo said. “Centralized data protection policies that leverage a broad spectrum of security functionality - FPE with robust key management, flexible tokenization, dynamic and static data-masking, hashing, digital signing –– wrapped with the traceability and reporting functionality that can limit any default access to sensitive data.  Prime Factors has developed EncryptRIGHT with the goal of delivering this functionality with a crypto-agile application architecture that allows enterprises to swap out algorithms, keys, or security techniques without costly re-work, making it easier than ever to protect sensitive data and to help keep up with the evolving needs of data protection and privacy.”  

Gartner subscribers can access the full report here. 

*Gartner, Hype Cycle for Privacy, 2024, Bernard Woo, Stefan Dumitrescu, July 29, 2024. 

Gartner Disclaimer 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.