With the steady increase in cyber security incidents around the world, data is becoming more and more of a liability for most organizations. Since cloud storage prices have decreased and scaling up storage has become easier, businesses and other organisations save any data they can and shy away from deleting it. Most analysts consider this type of data incredibly valuable, since it allows them to gain insight into operations and even predict the future. Unfortunately, it’s the same data that attracts intruders.
I consider data a liability, like we do a loan. Loans are often obtained with good intentions, but if they are not managed well, they can turn into a disaster. Upon receiving an application for a loan, the bank does all it can to ensure it is the right amount and for the right reason before approving it. But do we do any checks when we save data? Do we check if we need that data? How long do we need that data for? What measures do we have to protect it? Are our developers and other employees trained to handle it in a safe manner?
With the recent increase in cyber incidents, governments around the world are considering hefty fines for security negligence. In Australia, the government is considering increasing fines by up to 50 million dollars. This significant increase in fines emphasizes the importance of having a proper data security strategy.
Most data security strategies are planned around protecting personal identifying information (PII). Although this is a great start, it is certainly critical to look at transactional data as well. That data is far more appealing and more relevant to analysts as well as intruders.
So, am I suggesting that we should not save any data? Definitely not. I don’t believe any business or organisation can be effective without analysing data. Therefore, it is critical for us to build a sustainable data framework that suits our business model and the organisations that we work for. Some of the principles we can adopt are:
- Don’t save data we don’t need.
- Consider isolating high-risk data in a restricted environment, or even saving it off-network.
- If the data becomes obsolete over time, consider deleting it.
- Always store data as encrypted.
- Consider masking critical and sensitive data.