Quick question: does your company have data? Sorry, that one was probably too easy. How about this one: how much data does your company have? If you just felt your heartbeat quicken thinking about all the data your company produces, ingests, and connects to every day, then you won’t like this next one:
What are you doing to keep that data safe?
Data security is one of the defining issues of the age of AI and Big Data. Every company is becoming a data company, connecting to disparate data sources: internally generated data, customer-created data, and even third-party sources that provide much-needed context to deepen your understanding of your market, your customers, and your world. Whatever data you’re handling and whatever you’re doing with it, you need a data strategy to secure it and get the most out of it.
When it comes to keeping data secure, a handful of factors will go a long way towards protecting your company and your customers. Building a security-focused culture is the foundation of your security strategy. You also want to choose ISO-compliant analytics software and cloud database partners. Whatever platform you choose should also allow admins to easily manage security settings and user access from one place and give them usage analytics to determine who’s doing what with the system and make sure that no one is misusing their access. Let’s dig into the first part and talk about culture.
Security Starts with People
The TV show “Mr. Robot” (remember that one?) from a few years ago features a scene in which a character scatters USB sticks outside a police department, banking on human curiosity getting the better of one of the officers. When an officer finally does plug one of the USB sticks into a computer on the previously closed-off police network, the hackers get access and can proceed with their plan. This scene dramatizes a similar attack that took place at a US army base in the Middle East in 2008. Dubbed the worst US-military cyberattack in US history, that attack was only possible because someone placed a USB stick into a computer.
Humans are a company’s best defense and biggest weakness in the realm of data security. For front-line tech workers, constant reminders not to click strange-looking links and to be on the lookout for phishing emails can make it sound like the IT team or data engineers are all bordering on paranoia. But “better safe than sorry” isn’t just a cliche; it’s an adage that can be worth millions of dollars. Creating a culture where data security is understood to be everyone’s job is important. Everyone from data engineers and IT professionals to business analysts and users needs to understand where threats can come from, how infiltrators seek to gain access, and that any bit of data, no matter how innocuous or unimportant-seeming, can turn out to be damaging in the wrong hands.
No system is absolutely impenetrable. Hand in hand with your frontline personnel training, your company’s security policy should include an array of documents related to the use of data and company tech resources. Some examples of these vital policies are:
- Acceptable Use: governs which activities are permissible with the company’s equipment, network, website, data, or other systems.
- Secure Software Development: development best practices for mitigating software security issues.
- Disaster Recovery: deals with how vital systems are backed up so that if they are damaged or destroyed, code and vital data are recoverable.
- Incident Management: provides an action plan in case of a breach or other security event.
With this combination of training, culture, and documentation, your security posture is strong. Next up, how software and security go hand-in-hand.
Selecting Secure Software
When selecting an analytics and BI platform, you want to make sure that your provider takes security as seriously as you do. Checking for ISO (International Organization for Standardization) compliance is a good place to start, as well as looking for approval from the IEC (International Electrotechnical Commission).
Collections of standards like the ISO/IEC 27000-series are put in place by the ISO and IEC to provide best practices for securely managing information. If your software provider is ISO-compliant, then you know their platform has been constructed with an eye towards IT and cybersecurity, as well as maintaining the privacy and confidentiality of the data the system handles. Your platform should give you the ability to encrypt data going in or out of it, though data import protocols usually depend on the protocols supported by the data source. When moving data between a platform’s web server and the user’s web browser, support for SSL/TLS is a must.
Your software’s security features are also vital when considering how admins will grant access levels for various stakeholders across the company. A robust analytics and BI solution needs to be able to give certain users access to parts of a dataset without revealing the rest of it, or to deliver insights from a combination of datasets to a user who might not have individual access to all the underlying data. No matter what the individual level of access, an ISO-compliant system will keep everything secure and confidential without slowing down time-to-insights or bogging down internal development processes.
As noted earlier, humans are a vital part of your data security strategy. Your system administrators are some of the most vital humans you have when it comes to securely connecting to the data you want to analyze. Whatever software system you’re using to analyze your data, you want to make sure that it includes a centralized place where your admins can control database security settings, as well as individual user access.
As indicated above, a robust, ISO-compliant analytics platform delivers data security and fine-grained access control, as well as encryption and authentication methods. Admins should be able to programmatically apportion user access by group, team, or individual, by data model, dataset, or down to the individual row-level.
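To make the group, team, individual and row-level grants described above concrete, here is an added example (not code from this article or from any analytics product) of a default-deny policy check. The `Grant` and `User` types, the principal naming scheme and the sample rows are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Grant:
    principal: str   # "user:<name>", "team:<name>" or "group:<name>" (assumed scheme)
    dataset: str
    row_filter: Optional[Callable[[dict], bool]] = None  # None = every row

@dataclass(frozen=True)
class User:
    name: str
    memberships: frozenset = frozenset()

def visible_rows(user, dataset, rows, grants):
    """Default deny: return only rows permitted by a grant that matches the user."""
    who = {f"user:{user.name}"} | set(user.memberships)
    matching = [g for g in grants if g.dataset == dataset and g.principal in who]
    if not matching:
        raise PermissionError(f"{user.name} has no grant on {dataset}")
    if any(g.row_filter is None for g in matching):
        return list(rows)  # at least one grant covers the whole dataset
    # Otherwise a row is visible if any of the user's row-level grants allows it.
    return [r for r in rows if any(g.row_filter(r) for g in matching)]

# Constructed sample data and policy.
SALES = [
    {"id": 1, "region": "EMEA", "owner": "alice", "amount": 1200},
    {"id": 2, "region": "APAC", "owner": "dave", "amount": 800},
    {"id": 3, "region": "EMEA", "owner": "erin", "amount": 450},
    {"id": 4, "region": "AMER", "owner": "alice", "amount": 300},
]
GRANTS = [
    Grant("group:finance", "sales"),                                # whole dataset
    Grant("team:emea", "sales", lambda r: r["region"] == "EMEA"),   # row-level, by team
    Grant("user:alice", "sales", lambda r: r["owner"] == "alice"),  # row-level, individual
]
ALICE = User("alice", frozenset({"team:emea"}))
BOB = User("bob", frozenset({"group:finance"}))
CAROL = User("carol")  # no grants at all

if __name__ == "__main__":
    print([r["id"] for r in visible_rows(ALICE, "sales", SALES, GRANTS)])
    print([r["id"] for r in visible_rows(BOB, "sales", SALES, GRANTS)])
```

A user with no matching grant gets a `PermissionError` rather than an empty result, so a missing policy entry shows up as a denied request instead of silently looking like "no data".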
The right administrative tools will also make it simple for data engineers and other data loss prevention stakeholders to control connections to the various databases (cloud, on-prem, etc.) and other data sources that a modern business needs to connect to in order to have a complete picture of the market and its customers.
Partners and Protection
Odds are, if you have a lot of data, most of it (if not all of it) is on the cloud. And that’s not a bad thing! The cloud is the home of choice for data for modern enterprises and companies of all types and sizes. If you have a cloud-native product or service, then chances are your data, software, and pretty much your entire company exists on someone else’s hardware, so choosing your partner becomes a pivotal question.
No discussion of the modern cloud ecosystem is complete without a mention of AWS. They have countless different options for storing and analyzing large volumes of complex, fast-moving, live data, and much more. They are also pioneers in cloud data security, keeping on the leading edge of new developments so that users of all sizes with all types of data can safely connect to their systems. Google was late to the cloud database game with BigQuery, but since they have so many other cloud-related offerings (Docs, Google Photos, etc. are all on the cloud) they also take security very seriously.
Cloud-native warehouses like Snowflake aren’t willing to lose ground in the data security game, either. Snowflake is another big name that stands out from the crowd by offering a powerful SQL data warehouse that handles a wide array of data securely. Whatever data you need to store and access, choosing a cloud partner with a commitment to security is important.
Understanding Your Users
Again, it all comes back to people: you and your data engineers and IT team spent the time building a powerful data model, listening to stakeholder concerns and requests, and apportioning user permissions. Is all that work paying off? User analytics can tell you which teams and individual users are getting the most use out of your analytics system. Does your data model encompass all the datasets it needs to in order to drive value for your users? Are some teams or individuals constantly requesting access to datasets they shouldn’t be? Or are there some elements you missed during your initial build or conditions that have changed that necessitate adjustments to the model, which datasets you connect to, or what level of permissions you grant to which teams or users? Without user analytics, you’re just guessing at how well your database security and user permissions are working out. Wouldn’t you rather know?
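The two questions raised above (who keeps requesting data they shouldn't, and which permissions go unused) can be answered from an access audit log. The following is an added example, not code from this article or any product: the log line format, the threshold of three denials and the grant set are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample audit log; the line format is an assumption.
AUDIT_LOG = """\
2024-05-01T09:00:01Z user=alice dataset=sales outcome=allowed
2024-05-01T09:02:10Z user=alice dataset=payroll outcome=denied
2024-05-01T09:02:45Z user=alice dataset=payroll outcome=denied
2024-05-01T09:03:30Z user=alice dataset=payroll outcome=denied
2024-05-01T10:15:00Z user=bob dataset=sales outcome=allowed
2024-05-01T10:20:00Z user=bob dataset=payroll outcome=denied
2024-05-01T11:00:00Z user=carol dataset=payroll outcome=allowed
this line is malformed and is skipped
"""

# Constructed current permissions as (user, dataset) pairs.
GRANTS = {("alice", "sales"), ("bob", "sales"),
          ("bob", "marketing"), ("carol", "payroll")}

LINE = re.compile(r"^(\S+) user=(\S+) dataset=(\S+) outcome=(allowed|denied)$")

def parse(log):
    """Yield (user, dataset, outcome) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4)

def review_access(log, grants, denied_threshold=3):
    """Summarise where granted permissions and actual usage disagree."""
    events = list(parse(log))
    denied = Counter((u, d) for u, d, o in events if o == "denied")
    used = {(u, d) for u, d, o in events if o == "allowed"}
    return {
        # Repeated denials: possible misuse, or a legitimate need the model missed.
        "repeated_denials": sorted(k for k, n in denied.items() if n >= denied_threshold),
        # Grants never exercised in this log: candidates for review or revocation.
        "unused_grants": sorted(grants - used),
    }

if __name__ == "__main__":
    print(review_access(AUDIT_LOG, GRANTS))
```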
Simplifying Data Security
Securing data can seem daunting, but it’s really a collection of simple elements that come together to create a powerful safety net that keeps your users, customers, and data safe. Choosing ISO/IEC-compliant software and reliable cloud partners are two software and infrastructure decisions that can lay the groundwork for your data security strategy. Backing that strategy up with a culture that values security drives home to all your users that securing data is everyone’s responsibility. Empowering admins with simple tools for controlling user access and monitoring their behavior within the system ties all these factors together and allows administrators to be proactive in keeping the company, datasets, and users of all kinds safer. There’s no perfect plan for data security, but these vital elements can go a long way.