Data Breaches: Why Store Data You Cannot Secure?

It has happened yet again. A massive data breach at a major corporation. Yesterday it was Target, today it is Anthem, and tomorrow it can be anyone else - possibly YOU!

This endless battle between attacker and defender is not new though.

Perhaps, as old as the human race itself. A caveman would have stashed his kill for a rainy day only to find someone else look for it, find it and pilfer it away.

What surprises me though is our tendency to create data hoards which are prime targets for data thieves. Reminds me of the days when wealth used to be stored in temples and churches making them the place to go for periodic plunder by marauders.

Why store the Social Security Number (SSN)? Does it really needed to be stored?: Use of Social Security Number to establish identity may be a matter of law and of convenience but I am not sure why corporations need to store it. I would think that once the identity is established (a trusted connection) using the SSN, the same should be discarded and replaced by a "Trusted Handshake Indicator" verifying that trust has been established. Not rocket science, somewhat similar to what companies do when they use your credit card number for a transaction and you do not want it stored by them for repeated transactions. The fact that the SSN is stored in the databases makes them more vulnerable to attack. If you store gold, tonnes of it, and afraid of it getting stolen you need to make sure it is as secure as Fort Knox. Or better still do not store it at all.

Why not distribute the data storage? Secondly if the SSN and other data has to be stored, why store it in a single large data warehouse where a single breach makes the entire store vulnerable. Why not distribute it over multiple warehouses, each with its own security and defenses. This way at least the scope of a breach can be contained and isolated. I know that conventional wisdom of yore was to build massive data warehouses to ensure quick retrieval and processing. And companies made huge investments to build those warehousing capabilities. But now technology has evolved. It is quite easy to pull data from disparate data-sources for transaction processing and reporting. (Think Google, it does not need all the information it searches stored on a single large server). The cost of a data breach can easily surpass the benefits of having all data stored in a single repository.

I am no data security guru and perhaps the above approaches are simplistic. Hey but we got to start thinking and challenging assumptions.

Will we get to a perfectly secure system? Never. You may build the best defenses only to find someone drive an armored SUV through the shatter proof glass windows (Gold Nuggets Stolen From Wells Fargo Museum in San Francisco)

This cat and mouse game between attacker and defender started in posterity and is likely to extend till eternity..........................

The Business Intelligence Chronicles Part 21: Data warehousing Title Fight, get your bets in...

After BI now the turn of Data warehousing.

Per Gartner 2011 will be the year when data warehousing reaches what could well be its most-significant inflection point since its inception, the new data warehouse will introduce new scope for flexibility in adding new information types and change detection.

Gartner adds, in 2011, data warehouse platforms will evolve from an information store supporting traditional business intelligence (BI) platforms to a broader analytics infrastructure supporting operational analytics, corporate performance management and other new applications and uses, such as operational BI and performance management.
 
Magic Quadrant for Data Warehouse DBMS

Key Highlights:
 

 
1. Organizations are adding workloads with online transaction processing (OLTP) access, and data loading has moved to intra-day — approaching continuous — loading in many cases.

2. While cost is driving alternative architectures, performance optimization is driving multitiered data architectures, including a strong interest in in-memory data mart deployments. At the high end, data warehousing is now mission-critical.

3. data warehouse "ideal" is changing and will give way to new kind of warehouse that addresses more extreme types of information assets. As a result, data warehouse DBMS vendors must begin to address numerous, new information asset formats, or be relegated to supporting roles in the future.

4. real opportunity for data integration tools vendors to challenge the database management system (DBMS) vendors as the primary data management architecture, and the DBMS vendors should not underestimate this potential competition.

5. The market is shifting from storage and access to delivery and comprehension, and that means context as depicted in metadata will become paramount. Another contender for the crown of information provider is business process platforms, which deliver business process management. Although late to the game and less mature than either DBMS or data integration, these solutions assist in managing the business context of information management.

6. By 2013, Gartner predicts that data warehouse DBMS vendors will combine their offerings to become something more like an information management platform. The DBMS will become, above all else, an execution platform. It will support and perform data management and integration tasks as well as for query and analysis execution.

7. "Many traditional data warehouse DBMS vendors already offer both the DBMS and execution platforms — but the independents may surprise the mega vendors. By all indications, acquisitions as well as research and development will set the stage and the deciding factors for the big winners and losers when the 'title fight' begins."

The Business Intelligence Chronicles Part 11 : BI : Rear-view Mirror or Real-time Dashboard or Forward Looking Crystal Ball or All 3?

Classical BI with it's roots in Data warehousing has always been more of a Rear-view mirror : offering creative insights into essentially historical data. You can slice it, dice it, drill up, drill down, view it in cubes or reports or dashboards but it essentially is historical.

Last Friday IBM launched IBM System S , a real time data analysis software. IBM is positioning it as "software designed to analyze streams of real-time data". It "could help financial institutions monitor transactions and analyze risks, or help hospitals monitor patients to detect problems early ". I have not had the opportunity to look at the software or it's documentation yet.

Interesting !

However, even a "Real-time Dashboard" is meaningless without a functional "Rear view mirror" as we all know from our experience driving automobiles or running companies. A real-time dashboard may indicate that sales are dropping or manufacturing defects are rising at 3:00 p.m. This data in isolation without a "Rear-view mirror" giving historical perspective ("Over the last month sales have started declining or manufacturing defects rising at 3:00p.m.") is only of marginal importance.

I am sure IBM would be envisaging buyers complementing it's System S with some of it's more traditional BI offerings like Cognos etc.

I think BI should be Rear View Mirror, Real Time Dashboard and Forward looking Crystal Ball all rolled into one......

Speaking of Cognos, attendees returning from Cognos Forum (held over last week) were slightly disappointed by the lack of new offerings. Last year their was a great buzz around the 8.4 release, nothing such this year around.

The Business Intelligence Chronicles Part 10 : What happens when Data driven BI meets BI Joe ?

One of the most interesting aspects of blogging is the interesting conversations one strikes up with a wide variety of people.

The latest interaction I am engaged in is with Ken Allard, military strategist turned BI guru. Not your classical textbook BI but BI with a twist. His worldview of BI takes it beyond "tactical information harvested from IT and DW" to "war gaming and simulations".

My perspective is that Yes, war gaming and simulation could be useful additions to the world of BI. The catch with war gaming is that there may be a perception that the technique has not been able to project the trajectory and outcome of recent conflicts. Well, that may be less a result of ineffectiveness of war gaming as a tool/technique and more so because of incorrect scenario formulation/projections or failure to implement the results of war games into the real life battlefield.

Corporates can "war game" new product launches, emergence of new competitors, delays in new product development etc.

Ken takes the concept even further. Based on his military experience he finds that the real value of war-gaming is not the precise prediction of events, which rarely turn out as expected - Murphy's Law governing almost everything. Rather, it is in the minds of the commanders who are steeped in the variables (What can go wrong?) and learn what they need to do to react effectively enough to accomplish their mission (usually expressed as the commander's intent).

There seems to be nothing comparable in business today where the leadership seems to focus obsessively on smaller issues - usually short-term financials.

His view of war gaming in the BI context takes it beyond single events like product launches, (though he acknowledges those too can be important forward steps) into the realm of entrepreneurial strategic planning that focuses three or four years out and applies that rigor to basic corporate decision-making.

Interesting indeed.

Ken tells me he is appearing on the Huckabee Show on Fox News Channel this weekend (Sat and Sun night). Worth checking out....

Hot off the press (May 18) : Got a note from Ken. He never got to BIzWars (BI and War Gaming/Simulation) on The Huckabee Show. They got caught in the quagmire of discussing his run in with the NYT regarding their article about Pentagon's influence on war reporting. Watch

The Business Intelligence Chronicles Part 1: Six Blind Men and a Elephant

Many years ago when I transitioned into Business Intelligence Applications (Peoplesoft EPM/Cognos) from a ERP Transactional Applications (Peoplesoft Financials) background, one of my first endeavors was to "sell" the concept on an ongoing basis to what almost always used to be a wary audience of executives, managers and users who had heard the buzz but were not exactly sure what it meant. With my Sales and Marketing Background I knew that a picture will do it better than words.


The first slide in my presentation deck was the parable of the Six Blind Men and the Elephant :

• Is it a Wall ?
• Is it a spear ?
• Is it a snake ?
• Is it a tree or a fan or a rope ?
  Each blind man describes the elephant from where he is standing, from his perspective, and each is different...
  With EPM - Provide timely & consistent information across the global organization in order to align executives, operational managers, field sales force and knowledge workers in defining, viewing and pursuing strategic objectives.

The slide always drove the message home and I retained it in my deck as we continued to roll out BI applications to more sites/functions. Always succeeded in getting the audience engaged as it very aptly described the state of data and information in most sites/functions/organizations and what we intended to do about it. A very clear positioning for our "Brand".

What do you think ? With the multitudes of BI applications and Data Warehousing Solutions are organizations today better equipped to see the Full Elephant or are they still like the Six Blind Men ? Share your stories and watch out for Part 2 of The Business Intelligence Chronicles.