The recent Equifax data breach was unusual for its scale -- nearly 150 million accounts were affected -- but the basic story is nothing new. Massive data breaches have been happening at a record pace. Just one security flaw in one piece of software can put an entire enterprise at risk. Everybody is vulnerable.
The European Union has responded to the problem with its upcoming General Data Protection Regulation (GDPR), which will help minimize the risk and will impose stiff penalties -- up to 4% of global turnover-- for organizations that don't comply. Firms with EU exposure are scrambling to prepare for its 2018 starting date.
Most companies see GDPR as a burden, but Kenneth Sanford, an analytics expert at Dataiku, sees it as a blueprint for better data practices. While regulation won't stop the breaches, it will help prevent the damage that they cause. With data and analytics becoming so central to how we do business, it's time that we start taking it more seriously. Here's what you can do:
Historically, collecting, storing and analyzing data was expensive, so we didn't deal with it in large amounts. It made sense to keep a central database on a server somewhere and then download it to a laptop for analysis. That both allowed executives to do analysis on the fly and lessened the need for massive internal resources.
Yet today, storage and computing in the cloud are incredibly cheap, so there's no real need to download data onto an external source. What's more, all that data floating around in so many places becomes a massive security vulnerability. So it's becoming increasingly important to control where data goes.
"You need to centralize your data and your analytics, not only for security but for continuity of business processes," Sanford says. With today's cloud environments, this is a pretty simple fix and won't result in any loss of convenience or mobility. At the same time, it makes your organization far more secure.
Another source of data vulnerability is that there is so much of it. "Storage got so cheap that everybody started collecting everything and not knowing why," Sanford explains. It's like in the early days of web registrations, when to sign up for a service you had to fill out an impossibly long questionnaire. Today, we're doing much the same, except we collect data in pieces.
The problem is that once you own data, you become responsible for it. If, for example, you are holding the someone's social security number even though you do not have a financial relationship with that person, then you are putting their identity at risk.
