There are many terms thrown around about data, such as big
data, data privacy, data protection, data compliancy and data security.
Generating more and more data
The volume of data gathered is ever increasing, whether it’s
in the commercial world or our personal world.
As ways of generating data increases thorough social networking, photos
get larger through greater megapixels, the number of internet connected devices
we carry increase from zero to three or more, as media such as books, magazines
and music become digital, we can readily see why there has been phenomenal
growth in data generation.
With the many streams of data we generate and have access to,
the challenges of collecting, manipulating, aggregating this data become all too
apparent, and these are the challenges of big data.
Keeping it private
With all this data, there should be concerns with who sees
it. Ensuring the necessary controls are
in place can be difficult, whether it’s who sees our photographs on a social
media site, or when data leaves a controlled environment and into uncontrolled
public cloud storage facilities.
Most people don’t want their personal information made
public. This may be home addresses,
email addresses, telephone numbers, passport numbers, etc. This is the sort of information most people would
like to keep private.
Keeping data where only the right people, can see the
right information, but ensuring the privacy of that data is maintained, are the
challenges of data privacy and data protection.
Law enforcement
There must be laws in place to protect information. There are a number of legislations
to protect us, along with industry bodies policing certain industry
verticals. If these legislations or compliance
bodies are ignored or contravened, then fines or dismissal can be the penalty.
Using the legal system or industry bodies to monitor and
police the data, could be considered data compliancy.
Technical Enforcement
There are many technical solutions that can help protect the
data, whether it’s by encryption, password protection, two factor authentication
access, VLANs, data segmentation, database security solutions, data leakage
prevention solutions, etc.
These solutions are just that. It is more important to understand the
challenges and issues, before jumping in with a technical solution.
CIA?
Working in Information Security, many people will refer to
the CIA triad. This is where Confidentiality, Integrity and Availability
are considered the cornerstones and core principles of Information Security.
The considerations will all data, are:
Confidentiality – Define and enforce the appropriate access
controls to the data
Integrity – Ensure the data has not been manipulated from
when it was captured
Availability – Ensure the data is accessible when it is
required
Emergency Data Laws in
the UK
Currently in the UK,
emergency data laws are being
rushed in. The reasons for needing
to capture this data is important for national security. The concerns are speed with which legislation
has been passed, as with many IT projects, when they are rushed, they either go
over budget, or elements are overlooked.
There is vast amount of data that will need to be collected,
aggregated, stored and interrogated. There
will also be a need to protect the various databases holding this data, and the
need to encrypt this data, so if it were to leave this environment, it would be
unusable.
This data will need to be made available, so there will be a
need to keep this data in multiple locations, but also ensuring the data that
has been captured has not been manipulated maintain the data integrity.
The biggest concern should be confidentially. There have been many reports of lost data,
inappropriate access to data, but the rise in the reports of hacking leading to
the exfiltration of data from government sources.
Data is important in
our lives, but let’s ensure that our data is protected correctly, whether it's held by a social networking site or by the government.
