Data has definitely got bigger over the last few decades.
We’ve gone from the first commercial hard drive the size of two refrigerators and capable of storing just 5 megabytes in 1956, to a tiny 200 gigabyte MicroSD card launched at this year’s Mobile World Congress.
Analysts estimate that 90 per cent of the data that exists today was created in the last two years alone. The big question for this big data is how to protect the right data with the right mechanism and even how to securely delete data that will not be used anymore.
What is obvious from the many high profile data breaches of the last year is that the weak spot for many companies is still the database. In those breaches a lot of that compromised or stolen data was stored in databases.
Because of the volumes and different types of data we’re talking about today companies struggle to know which databases to protect and which not to, and even where those databases are. The danger is that organisations do little or nothing to address this because it seems so difficult and complex.
But the lesson of those breaches is even if you don’t know exactly where your data is being stored you should start somewhere because the hackers will use the weakest or simplest way to get into the data – and that is mostly about databases.
That means encryption, authentication, intrusion protection systems (IPS) or intrusion detection systems (IDS). Then we have to talk about authentication and authorisation for the data itself. For example, how you prevent former employees who have left the company still having access to the database. This includes technologies such as single sign-on systems across different applications inside an organisation.
There is also regulatory compliance to consider. Take credit card information, which requires specific measures in place to comply with PCI DSS standards for processing card payments. If an organisation doesn’t have those measures in place it has to pay higher fees to Visa and Mastercard because of the increased risk to the data.
And let’s not forget the new EU data protection law – the EU General Data Protection Regulation – on the horizon, which is proposing fines of up to €100m for companies that fail to protect personal information. Although I believe that is going to be extremely difficult to implement and enforce, because we have 28 member states, each with different standards regarding data privacy – some have very high standards, others less so.
The cloud is another can of worms altogether when it comes to the protection and security of all this data as more and more is being stored there. How can companies and citizens in Europe be confident any data they put into the cloud is being stored securely – or even where it is? There is the European Safe Harbour Act (and the Swiss version) that is supposed to guarantee adequate levels of protection for any personal data of European citizens if it is sent to countries outside the EU. That means US companies, for example, must comply with those standards if they want to process data in a data centre in North America.
But that doesn’t mean organisations can simply shift responsibility for data protection and security from the internal IT organisation to their external cloud service provider. Even though that provider might provide redundancy, higher availability and backups you are still ultimately responsible for your data.
If you are storing data in the cloud you should consider using encryption technology that you only you own the key to. With this technology you can encrypt data either from the endpoint or over a gateway to the cloud. It’s another layer of security that ensures even if your cloud provider is breached no-one is able to see your data unencrypted.
The issue of data is only going to get bigger, particularly when the Internet of Things starts to become reality. The size of the digital universe is doubling every two years and by 2020 it is predicted it will be a mind blowing 44 trillion gigabytes. Businesses need to make a start now to protect and secure all this valuable information.