IT Security and Data

April 16, 2018

This week, I’ll continue with the computer security topic with a focus on data and computer security. According to Techopedia, data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. 
 
Data security was of limited focus in the early days of IT (involving records and files), but today the focus has widened exponentially. Currently the focus is not only on data organized for application use but also on data collected from computer users during application access.
 
Files and Records  
When many of us began programming, it was at a time when IT was transforming business processing from manual processes to those assisted by IT. I am reluctant to call what we did automating business processes because that’s not exactly what we were doing. In many ways, our mandate was to add computers to the business mix to make things better, not do process reengineering. Besides, few of us had the skills to effectively reengineer business processes. That focus in IT came later.
 
“Read a file, write a record” was something we all learned as beginning COBOL programmers. We designed data repositories, files and records with fields, and concerned ourselves with access challenges like how we should support access with primary and secondary keys. VSAM was a gift that made our jobs easier as it consolidated all popular access methods into one master utility, IDCAMS.
 
Security was on our minds but was not a primary focus. Data access was through batch programs, which had a powerful set of human controls. Programmers had a lot of power to alter data through file utilities but it was the job of IT management to make sure that this power was not abused. When online processing emerged, things changed.
 
Databases
Real-time access to data came along at about the same time as the emergence of commercial databases. These commercial DBMS products came with the tools to place more focus on security through database security mechanisms including privileges, views, encryption, auditing and special security features. These mechanisms didn’t all arrive at the beginning; the major software companies added them release by release. Even when databases were not used for online applications, application programmers invented their own ways of handling security. For example, role-based processing using internal user-id tables and checks for privileges in the application logic was a roll-your-own way to implement a role-based security scheme.
 
Today and the Handling of Data  
Today, data is a primary issue when it comes to the topic of security. The importance of data security has come about for two reasons. First, data associated with traditional IT processes has become increasingly available to a broader community of users. What was once the domain of programmers and limited departmental application users is now available to more people and organizations for a wide variety of uses like internal data mining.
 
In “Privacy-Preserving Data Mining,” the authors state that a fruitful direction for future data mining research will be the development of techniques that incorporate privacy concerns. They explore value-class membership, value distortion and other techniques to address this need in data mining. In “Why Security and Privacy Matter in a Digital World,” the author writes, "Many intrusions into government and private-sector systems have exposed sensitive mission, business and personal information." The focus of this article was not on data mining concerns but rather on hacking into systems to steal data and use it for its commercial value to others.
 
There are many articles that offer how-to advice for individuals and professionals. “5 Privacy and Data Security Measures That Can Protect Your Company Against Trade Secret Theft” identifies five proactive ways in which companies can use comprehensive privacy programs and vigorous data security measures to help prevent and respond to an insider’s intentional or inadvertent disclosure of confidential company information. These include:
  1. Internal privacy and data security principles 
  2. Internet access and use policies
  3. Social media policies  
  4. Robust protections in service provider agreements
  5. Bring your own device policies 
 
  1. Am I safe when I log into my accounts from different devices?
  2. Who else can access my data?
  3. How can I be sure that I can trust all the people and companies I share my data with?

This quick survey of academic and popular articles shows the wide variety of topics on the intersection of data and security. It’s no surprise that security professionals are in wide demand. Skilled people are needed to address these needs and concerns for organizations and to advise individuals.
 
Is That All There Is?
In this multipart series, I have used Kroenke’s model of a system to explore the topic of IT security. I have written about hardware, software, people, procedures and data. This framework has provided a way to survey this topic, and I hope that it has given you a way to dig deeper when you have the motivation to do so. Next week, I will begin a new topic.
