by David Schlesinger CISSP
Traditional Database Management Systems have ways to make sure that not everybody can see everything. Thus, the clerks in the sales office cannot see the personal health history of the CEO (if the CEO complains loudly about the cost of Viagra at office parties however, confidentiality in the computer system is moot).
We remember that in the past we kept sensitive documents locked in file cabinets in locked offices. There often was an older employee who had been there since the company founding and who was very much in charge and gave us hard looks when we came in asking for certain information. Those of us who were fresh out of school were daunted and stammered out our requests. We were handed a sheet of paper to look at, but warned not to take it out of the room. Then we dropped it and it slid under the receptionist’s desk and we were afraid to ask for it and afraid to go under her desk and were miserable. Often we changed jobs and became disk jockeys.
But not to dwell on our past, today we have all this data stored as magnetic pulses which can be turned into electronic signals and sent around the world faster than a purchase order can slide under a desk. Our safeguard systems for confidentiality and privacy, however, have not yet evolved to that level of speed. Rising levels of lost and stolen personal information indicate that.
Yet, even as we face increasing numbers of laws, ordinances, guidelines, contractual restrictions and red tape, we lose huge amounts of personal data each year (http://datalossdb.org/statistics). This may partly be because we have more data to lose each year, but it is also certainly partially due to the fact that we do not yet have the mind-set to build IT systems with information protection as a major requirement.
Wait! Before you huff and puff at me in anger claiming this is alarmist, please check the reference in the previous paragraph and then come back. The writer will wait. [Pause]
There, you see proof that we, as a population of people in the world, are doing a poor job of protecting information. So let’s see what we can do to make sure that our company does not lose data.
First, all DBMS should have some sort of viewing restriction capability. Sometimes it is as primitive as a View, other times it is sophisticated and multi-leveled. The most sophisticated systems allow the operator to distinguish between permissions that only allow users to look at the data, and other permissions that allow them to write to or change the data. The best schemes only allow users to download small subsets of sensitive data rather than entire databases. That way, your stolen laptops only contain small parts of the company records. (Hey, better than all of them!)
Unfortunately, some of the new Big Data management systems have not yet implemented good Confidentiality or HIPAA or PCI types of protection. Truthfully, it is a little early for them to have figured it all out, so the owner of the information (you!) needs to build in these limitations before you send all this information off into a cloud somewhere.
A way to reduce risk is to limit the amount of sensitive information you send to the Big Data Center. Encryption is a useful tool, but why are you sending encrypted data out? You cannot manipulate encrypted data. Not sending it out will keep it safer from loss or theft, and also speed up processing: a win-win for all. And yes, you will not be able to use the Government ID number or Credit Card number as the primary key! You will have to (gasp!) use an auxiliary surrogate key to send with the data; but I am sure you will find this easier than explaining to the boss why all your company purchase orders are now lost under the receptionist’s desk.
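One way to put the View and surrogate-key advice above into practice, as an added example (not the author's code), using SQLite with a constructed, hypothetical customer schema: the base table keeps the Government ID and card number, the View hides them, the export to the Big Data Center carries only the surrogate key, and only the in-house system can turn that key back into a person.

```python
import sqlite3

# Constructed sample records (hypothetical people, fake numbers). The in-house
# system of record holds the Government ID and card number; neither leaves it.
CUSTOMERS = [
    ("Alice Example", "123-45-6789", "4111111111111111", "OR", 1250.00),
    ("Bob Example",   "987-65-4321", "5500000000000004", "WA",  310.50),
]

def build_system_of_record() -> sqlite3.Connection:
    """Base table with sensitive columns, plus a View that omits them."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,   -- surrogate key: meaningless on its own
            name        TEXT NOT NULL,
            gov_id      TEXT NOT NULL UNIQUE,  -- sensitive, and NOT the key we export
            card_number TEXT NOT NULL,         -- sensitive
            state       TEXT NOT NULL,
            ltv_dollars REAL NOT NULL
        );
        -- Analysts and downstream jobs are pointed at this View, not the table.
        CREATE VIEW customer_analytics AS
            SELECT customer_id, state, ltv_dollars FROM customer;
    """)
    db.executemany(
        "INSERT INTO customer (name, gov_id, card_number, state, ltv_dollars)"
        " VALUES (?, ?, ?, ?, ?)", CUSTOMERS)
    return db

def exported_columns(db: sqlite3.Connection) -> list:
    """Column names the Big Data Center will see: checked before any export."""
    cur = db.execute("SELECT * FROM customer_analytics LIMIT 0")
    return [col[0] for col in cur.description]

def export_for_big_data(db: sqlite3.Connection) -> list:
    """Rows to ship out: surrogate key plus analytic columns, nothing identifying."""
    return db.execute(
        "SELECT customer_id, state, ltv_dollars FROM customer_analytics"
        " ORDER BY customer_id").fetchall()

def try_write_through_view(db: sqlite3.Connection) -> bool:
    """Read-only by construction: SQLite refuses writes to a plain View."""
    try:
        db.execute("INSERT INTO customer_analytics VALUES (99, 'CA', 1.0)")
        return True
    except sqlite3.OperationalError:   # "cannot modify ... because it is a view"
        return False

def resolve_surrogate(db: sqlite3.Connection, customer_id: int) -> tuple:
    """Only the in-house system can map a surrogate key back to a real person."""
    return db.execute("SELECT name, gov_id FROM customer WHERE customer_id = ?",
                      (customer_id,)).fetchone()
```

A real DBMS would add GRANT SELECT on the View and no grants on the base table; SQLite has no GRANT, so the View's read-only nature stands in for that distinction here.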