There have been a number of reports recently about security and privacy breaches involving customer data -- ChoicePoint, Lexis-Nexis and other information providers come to mind. What do you need to do to ensure that this never happens to your corporation's data?
I have been reading a lot lately about privacy and the need to secure customer data from hackers and outsiders who want to misuse the information. The erosion of privacy even within corporations seems to be pretty concerning as well. What is a corporation to do to ensure that its crown jewels -- its integrated customer data -- does not fall into the hands of the wrong people?
It was suggested to me recently that the only way to really secure this data is to encrypt it. If hacked into, the hackers would only get a string of gibberish and nothing meaningful would be usable. The only people who could use the data would be those individuals having the encryption key. Sounds good but there are problems with this approach too.
Encryption traditionally has involved a substantial amount of overhead -- overhead to encrypt the data, thus slowing down the data processing (think loading of data into the data warehouse, for example). Then there is the additional overhead of decrypting the data when someone wants to use it. There is good news here though. Encryption (and the corresponding decryption) technologies have come a long way. Encryption vendors now claim the ability to encrypt and decrypt with little or no performance hits whatsoever.
The second thing about encryption -- particularly from a BI point of view -- is that once it is decrypted and the query returned to the user, the data may be downloaded to their PC. Hmmm -- where's the security now? Unless it stays encrypted -- even on the user's PC, it seems to me that we still have a major hole in the overall data security and privacy scenario. This is an area that could use some vendor support as well.
If you have any ideas about security and data privacy, I welcome your comments.
Yours in BI success,
Posted April 28, 2005 10:46 AM
Permalink | 1 Comment |