Wednesday, 16 July 2014

Data, data, data...

There are many terms thrown around about data, such as big data, data privacy, data protection, data compliancy and data security.

Generating more and more data


The volume of data gathered is ever increasing, whether it’s in the commercial world or our personal world.  As the ways of generating data increase through social networking, as photos get larger through greater megapixel counts, as the number of internet-connected devices we carry increases from zero to three or more, and as media such as books, magazines and music become digital, we can readily see why there has been phenomenal growth in data generation.

With the many streams of data we generate and have access to, the challenges of collecting, manipulating and aggregating this data become all too apparent, and these are the challenges of big data.

Keeping it private


With all this data, there should be concerns about who sees it.  Ensuring the necessary controls are in place can be difficult, whether it’s who sees our photographs on a social media site, or when data leaves a controlled environment and moves into uncontrolled public cloud storage facilities.

Most people don’t want their personal information made public.  This may be home addresses, email addresses, telephone numbers, passport numbers, etc.  This is the sort of information most people would like to keep private.

Keeping data where only the right people can see the right information, while ensuring the privacy of that data is maintained, are the challenges of data privacy and data protection.

Law enforcement


There must be laws in place to protect information.  There are a number of pieces of legislation to protect us, along with industry bodies policing certain industry verticals.  If this legislation or these compliance bodies are ignored or contravened, then fines or dismissal can be the penalty.

Using the legal system or industry bodies to monitor and police the data could be considered data compliancy.

Technical Enforcement


There are many technical solutions that can help protect the data, whether it’s by encryption, password protection, two-factor authentication, VLANs, data segmentation, database security solutions, data leakage prevention solutions, etc.

These solutions are just that.  It is more important to understand the challenges and issues, before jumping in with a technical solution.

CIA?


Working in Information Security, many people will refer to the CIA triad.  This is where Confidentiality, Integrity and Availability are considered the cornerstones and core principles of Information Security. 

The considerations with all data are:

Confidentiality – Define and enforce the appropriate access controls to the data
Integrity – Ensure the data has not been manipulated from when it was captured
Availability – Ensure the data is accessible when it is required

Emergency Data Laws in the UK


Currently in the UK, emergency data laws are being rushed in.  The reasons for needing to capture this data are important for national security.  The concern is the speed with which the legislation has been passed; as with many IT projects, when they are rushed, they either go over budget or elements are overlooked.

There is a vast amount of data that will need to be collected, aggregated, stored and interrogated.  There will also be a need to protect the various databases holding this data, and the need to encrypt this data, so that if it were to leave this environment, it would be unusable.

This data will need to be made available, so there will be a need to keep it in multiple locations, while also ensuring that the data that has been captured has not been manipulated, to maintain data integrity.

The biggest concern should be confidentiality.  There have been many reports of lost data and inappropriate access to data, as well as a rise in reports of hacking leading to the exfiltration of data from government sources.


Data is important in our lives, but let’s ensure that our data is protected correctly, whether it's held by a social networking site or by the government.
