Thursday, 21 June 2018

A Market Overview on the Changing Data Landscape



- Alan Jamieson


We live in changing times and data has become a major part of our lives.  With the recent enactment of the General Data Protection Regulation (GDPR) in late May, we have all been inundated with privacy emails from our suppliers emphasizing that we own our data which helps both parties with relevant information, offers etc.

Having data and the rights to opt out are important, but how do we know it’s safe with ongoing, frequent data breaches across the globe? Can we cope with the number of offers sent to us from suppliers who hold our data, and can we be assured that they are using our current and historic personal data? If data has been collected over weeks, months and even years, the reality is that the more data you can analyze, the greater the insight that can be obtained.

A few years ago, data was expected to increase in volume by 100% annually, which challenged computing infrastructures and brought to light questions such as: Where is the most cost-effective place to store the data? What analytical tools should we be using? Can the tool look at all data types (structured and unstructured)? Do we need to hire data scientists looking to make real-time decisions? Are we aware that running complex queries takes time? Today, most data volumes are increasing faster than previously predicted, especially in social media, where data volumes can increase by petabytes daily (not solely text but increasingly video and audio content), and through our adoption of IoT products.

Terminology is also changing, including terms such as big data, which has had various meanings based on its context. Gaining business insights from the increasing volumes of data being held is important to help improve user experiences, drive business efficiency, fine-tune marketing offers, and predict what equipment needs maintenance to avoid unnecessary outages, etc.

While we can protect data through encryption technologies either when data is at rest or in transit, searching for data in databases (on prem or in the cloud), repositories such as Microsoft SharePoint and other documentation types is also a critical challenge. It’s great to collect data, but if you can't easily access it, you are incurring unnecessary storage business costs that will not be recovered.

Speaking to enterprise customers and global vendors, there is another change in how we interact with data. With employee bases spanning a widening range of generations across most enterprise companies, how we access data is changing. Our younger global workforce, who have grown up with smartphones, are increasingly looking to request information or data via a voice request and not a keyboard. Enterprise companies must cater for information or data access via keyboard and/or voice request, but only to authorized data requestors.

We at BOHH Labs address this changing data landscape with a service that provides voice and keyboard access to secure data enabling data analytics to be performed whilst importantly preventing data breaches. We are hoping to lead a shift in how the market both views and interacts with their data. After all, data is a business asset and we are looking to help companies unlock its value.

Tuesday, 19 June 2018

Why Every Company Needs A Proactive Plan to Secure their Proprietary and Sensitive Data


- Ted West, BOHH Labs Chairman

Companies store a massive amount of data which they want to liberate for new business applications, analytics and optimization. These data include everything about customers, suppliers, production and logistics operations, as well as financial transactions and results. All these data offer new value to companies looking at adding new business applications and analytics tools to help make better business decisions and remain competitive.

Many of these applications and tools reside on the cloud, outside of existing “firewalls” of security. And while the companies consider and procure more and more security solutions to harden the edges of the firewall, they remain reluctant to “let the data out” to the cloud due to the risk of it being hacked, leaked, lost, or stolen. As a result, companies may be missing out on ways to better optimize their business.

In today’s business environment, proprietary data can be an immensely valuable asset. It must be treated as such. It is no longer enough for companies to take a laissez-faire approach to securing proprietary data, reacting to a threat or breach and figuring out how to deal with it on the fly. Rather, companies must adopt a proactive approach and plan to secure their data before letting the data out.

Companies are responsible for holding massive amounts of data – much of which is sensitive customer and employee personal information such as PHI (Protected Health Information) or PII (Personally Identifiable Information), as well as sensitive proprietary and financial data. When a company experiences a breach and any of this sensitive data is leaked, the company is exposed to financial and brand damage, trust and loyalty degradation, and even lawsuits, financial penalties and fines.

That is why it is critical that companies have a plan for their data security. But what does such a proactive data security plan look like? The first step is understanding your data and how it is already protected. Once these questions are addressed, data security protocols and policies will be better understood, and new security protocols and solutions can be reinforced, updated or added.

Questions you must address to start your data security plan when moving data outside the enterprise:

1. What company data from the inside is needed to move on the outside into new applications?
2. How is this data transported from on premise (inside the firewall) to the cloud?
3. Which of these data are truly sensitive, subject to privacy and confidentiality requirements?
4. How will user access to these data be provided once data is outside the firewall?
5. How will the truly sensitive data be transported and accessed with privacy and confidentiality?

When companies don’t have a plan in place to protect their proprietary data, it can’t be properly leveraged to optimize their business. The analytical value of data is enormous and can be applied everywhere from improving sales cycles to helping organizations plan better marketing efforts that will help companies make more informed decisions on how to interact with their current and potential customers. However, if data is not properly protected or, even worse, if data is breached and stolen by bad actors, companies will lose the ability to apply this value to their business efforts.

Every company should have a well-thought-out plan to protect their proprietary data at the root level to help minimize risk of data breach and loss, while taking advantage of the full use of their data.


Tuesday, 12 June 2018

Security Add Ons Are Crap & Don't Protect Data


In the last couple of weeks, we have participated in several industry events, including the recent SAPPHIRENOW event hosted by SAP. I am a big supporter of these types of events as it is invaluable to be able to learn, share information, monitor market trends, and perhaps most importantly, speak with customers and have one-on-one conversations on what problems they need addressed and what they are currently lacking.

It is evident that organizations are looking to increase their value and maximize their technology investments by moving many business-critical applications to the Cloud. There are obvious benefits to this – cost savings, more efficiency in operations and enhanced ability to leverage analytics for more focused business decisions are just a few to name. However, to move all of this forward, customers are looking for new and innovative ways of protecting their critical business and data assets in our very volatile and breach-prevalent market. Security is challenging enterprise progression, and after attending several events recently, it is clear there is a discrepancy between the perception and reality by vendors on what customers actually want to fix this.

Companies and vendors continue putting out “new” solutions that are simply add ons to existing security investments, but it seems that customers are fed up with the security industry “add-ons” for promised enhanced security, as time and time again, the same old vendors are promising new and exciting solutions to protect companies and their data, yet major breaches keep happening.

I will be blunt – security add ons are crap. They are just a patch to stop bleeding so to speak, but they are not permanent solutions and they certainly are not innovative and new. Now, I am not saying that all current security solutions are crap, but we have had the current security practices for over a decade now, and while they have definitely worked in some cases, there are other well documented ones where they have blatantly not. This alone tells me that we need to re-evaluate how we are protecting our systems and data.

I am not saying that companies should stop purchasing specific security applications, CASBs, firewalls, VPNs etc., but instead of bolstering the current systems with new patches and add ons, it is time that we ask ourselves if we are doing it right and providing enough trust and security to enable organizations to allow their customers to use that data correctly. Where we need to focus our security efforts is on the data itself, both at rest and in transport. The core focus must be on protecting the data at the foundation level.

Given that a business will easily spend millions to protect access to data, it would only make sense to secure the data itself as it comes through and sits in your database. But wait, you say we do that, right? Well yes, this happens with encryption, but there is a flaw - current database systems can encrypt stored data, but it is carried out in a way that anyone (human or machine) that has access to the system at any administration level generally also has access to the plain unencrypted data. This leaves a big “come get me” sign. That’s why at BOHH Labs we believe in offering database or specific field level security. All data that needs to be secured is removed from the source, encrypted and stored separately without changing the structure, enabling prioritization and control over every data point. We do this because it stops the inside hacking job. If the database does not contain the data, then a malicious actor who has gained root or admin privileges cannot run a simple query on the data, extract it, and have it available to them to sell to whoever they like, unlike traditional TDE Data Encryption or homomorphic encryption technologies!

By putting our security focus on the data itself, not just where it is coming from, where it is stored or being transacted to, it enables better protection for both external and internal threats that customers desperately need.
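
An added illustration of the separation described in the post above (not BOHH Labs' code or product design): a generic tokenization sketch in which the sensitive column keeps its place in the schema but holds only a random token, while the value lives in a separately held vault. The table names, token format and `authorized` flag are assumptions, the sample record is constructed, and encrypting the vault's contents under a key kept outside both stores is assumed rather than shown.

```python
import secrets
import sqlite3


def make_stores():
    """Create the primary database and a separately held vault (two connections)."""
    primary = sqlite3.connect(":memory:")
    primary.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)"
    )
    vault = sqlite3.connect(":memory:")
    vault.execute("CREATE TABLE vault (token TEXT PRIMARY KEY, value TEXT NOT NULL)")
    return primary, vault


def insert_customer(primary, vault, name, ssn):
    """Keep the real value only in the vault; the primary row stores a random token."""
    token = "tok_" + secrets.token_hex(16)  # hypothetical token format
    vault.execute("INSERT INTO vault VALUES (?, ?)", (token, ssn))
    cur = primary.execute(
        "INSERT INTO customers (name, ssn) VALUES (?, ?)", (name, token)
    )
    return cur.lastrowid


def admin_dump(primary):
    """Everything a full-privilege account on the primary database alone can read."""
    return primary.execute("SELECT id, name, ssn FROM customers ORDER BY id").fetchall()


def read_customer(primary, vault, customer_id, authorized):
    """Resolve the token through the vault only for authorized callers."""
    row = primary.execute(
        "SELECT name, ssn FROM customers WHERE id = ?", (customer_id,)
    ).fetchone()
    if row is None:
        raise KeyError(customer_id)
    name, token = row
    if not authorized:
        return name, token  # unauthorized callers see the same token an admin dump shows
    hit = vault.execute("SELECT value FROM vault WHERE token = ?", (token,)).fetchone()
    if hit is None:
        raise LookupError("token has no vault entry")
    return name, hit[0]
```

The protection holds only as long as the vault's credentials and host are administered separately from the primary database; an account with rights on both stores can join them back together.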