IT Voice March 2018


Is your data safe and secure?

People need to be able to trust the enterprises and databases holding their data.
Data breaches are an unfortunate consequence of the application of technology in the modern world. The information economy has placed a significant premium on personal information relating to everything from finance to dating, and even health care.
Prescriptive, predictive, and descriptive analytics have transformed the value of a person into the sum of the data accumulated through our living, working, and spending decisions. Analysts spend their time filtering, averaging, analyzing, and parsing the data at their disposal. They are expected to form predictions and models based on the implications. All of this is done to generate valuable information that can be used, and that can be sold, to generate revenue for someone other than the person whose information has been captured.
Information stored in data banks is often protected by some form of security, but each of these data banks is subject to breach, whether due to human error or criminal aggression. Recent and continuing broad-scale hacking incidents have increased both awareness and scrutiny regarding the holders of data as well as the systems they use to protect it.
The recent Facebook data breach has exposed tens of millions of people to potential misuse of their personal finance information. With names such as Cambridge Analytica ( a data mining firm ) who are supposedly involved in cases where data has been used to influence elections. Facebook who has more than a billion global users and more than a million indian users. To imagine the data held by facebook would be humungous.
A country’s government also hold large amount of data of all it’s citizens in various ways and so they should ensure the data is safe and secure and not misused. For example, our government has several schemes under which they store the same data such as AADHAR, BHAMASHAH, Election Schemes, PAN Card, Electric city, water, House Data etc. This data, in case it suffers a breach can be used to influence major decisions or to blackmail or harass the citizens, as the previous incidents say many data firms have used this kind of data to influence several polls.
Given the sheer size of some breaches versus the alleged security promised by some of the data vaults, people must become more vigilant about their own data identity. Whether sharing that information is in fact required by law is debatable, but people more often than not decline to ask. Perhaps it’s time to talk about the risks involved and the actual need to supply all the descriptive detail. Could a simple application be created that uses an algorithm to translate your number into a unique derivative that is then attached to a record instead, and could that do away with the need for other unique identifiers? Could bio metrics such as voice, fingerprint, iris, or face scan be used? Even those technologies aren’t absolutely guaranteed to be secure.
It’s time for data collector transparency. People need credible certification of security and adequate notice of system upgrades and changes. Clear information regarding how the security of the physical database is ensured must become a legal requirement.
Service and technology providers, vendors, and their servers need secure firewalls, data encryption, and constant monitoring. People must demand this, and people need to educate themselves regarding descriptive data threats.
The lessons from data breach history are clear. Deployment failures occur when databases are not performing as designed. Leaked data results when hackers access any data that has not been encrypted. Damaged databases require immediate repair and restoration. In-house saboteurs will steal or damage databases and backups. Multiple database features present multiple ways for hackers to enter a system. Hackers plug in data as SQL injections to alter code and change data. Businesses must segregate authorities and powers of both users and administrators. Current threat levels mandate that administrators stay current and consistent in their security practices. Despite any and all of that, threats evolve and persist.
While the average end user doesn’t know or understand much about data breaches or hacking, one thing is clear: People need to be able to trust and rely on the enterprises and databases holding their personal information. People need to know that their data is safe and secure.
Tarun Taunk