I have always been fascinated by data and its security. Overall, information security is an extremely vast field, and many topics can be categorized under it. However, if you ask me my area of interest in the topic, it will always be privileged access and data security. Professionals who deal with data or its infrastructure must have a basic understanding of data security.
Firstly, while the value of data has skyrocketed, some of the world’s most important data is stored on mainframe servers. It is a known fact that a mainframe environment has thousands of users simultaneously executing a wide range of applications with varying performance profiles. It requires a multi-layered approach, including user identification and authentication, access control and other advanced security measures.
In many instances, I worked towards providing closed-loop, automated security intelligence and threat remediation. This reduced business risk by enforcing security policy and best practices. I would say simplifying provisioning governance and authorization of users, groups and resources are the primary steps of data security. In addition, we must protect essential data with comprehensive encryption and access controls.
According to research, almost 60% of the adult population in the U.S. found out recently that their personal data – names, social security numbers, birth dates, addresses, and driver’s license numbers – could be in the hands of criminals. This clearly shows the importance of data security. I personally think that perimeter-based approaches to security have become outdated. I strongly believe that security and privacy pros must take a data-centric approach to make certain that security travels with the data itself – not only to protect it from cyber criminals but also to ensure that privacy policies remain in effect.
Data science is a relatively new term. However, in my career, I worked with massive amounts of data, used multiple data handling and report generating tools including SAS, SQL, and R, and generated reports for technology which processes 1.1 million transactions per second. I think we are in the age where data is the backbone of every economy; data is generated by almost every electronic device and it can be used to make better business decisions. On the other hand, if such data is accessed without authorization, it could be devastating not only to business but also to society.
My primary role was never data protection; however, it’s almost always expected of me, which is true for every infrastructure or data professional. Having said that, I can’t think of any single takeaway from and for data protection. By and large, terminologies differ but the concepts are the same. For example, data protection on servers can be compared with cloud data protection.
On the brighter side, there are multiple and easy ways to protect data. For instance, one can easily use a tokenization option for sensitive data or do data discovery and flow mapping using data classification, enterprise key management and application-level encryption. There are other ways such as big data encryption, data access governance, and data subject rights management. Frankly, one can easily argue that data protection is an added layer on system protection, which is true in many cases. There are simply many ways to protect data and the best approach for doing so is relative.
Finally, while data will always be the epicenter of future development, the technology to protect it will always be changing. Therefore, infra and data professionals are advised to do their part of data protection and not just rely on IT security for data security.