We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Blog: Claudia Imhoff Subscribe to this blog's RSS feed!

Claudia Imhoff

Welcome to my blog.

This is another means for me to communicate, educate and participate within the Business Intelligence industry. It is a perfect forum for airing opinions, thoughts, vendor and client updates, problems and questions. To maximize the blog's value, it must be a participative venue. This means I will look forward to hearing from you often, since your input is vital to the blog's success. All I ask is that you treat me, the blog, and everyone who uses it with respect.

So...check it out every week to see what is new and exciting in our ever changing BI world.

About the author >

A thought leader, visionary, and practitioner, Claudia Imhoff, Ph.D., is an internationally recognized expert on analytics, business intelligence, and the architectures to support these initiatives. Dr. Imhoff has co-authored five books on these subjects and writes articles (totaling more than 150) for technical and business magazines.

She is also the Founder of the Boulder BI Brain Trust, a consortium of independent analysts and consultants (www.BBBT.us). You can follow them on Twitter at #BBBT

Editor's Note:
More articles and resources are available in Claudia's BeyeNETWORK Expert Channel. Be sure to visit today!

There have been a number of reports recently about security and privacy breaches involving customer data -- ChoicePoint, Lexis-Nexis and other information providers come to mind. What do you need to do to ensure that this never happens to your corporation's data?

I have been reading a lot lately about privacy and the need to secure customer data from hackers and outsiders who want to misuse the information. The erosion of privacy even within corporations seems to be pretty concerning as well. What is a corporation to do to ensure that its crown jewels -- its integrated customer data -- does not fall into the hands of the wrong people?

It was suggested to me recently that the only way to really secure this data is to encrypt it. If hacked into, the hackers would only get a string of gibberish and nothing meaningful would be usable. The only people who could use the data would be those individuals having the encryption key. Sounds good but there are problems with this approach too.

Encryption traditionally has involved a substantial amount of overhead -- overhead to encrypt the data, thus slowing down the data processing (think loading of data into the data warehouse, for example). Then there is the additional overhead of decrypting the data when someone wants to use it. There is good news here though. Encryption (and the corresponding decryption) technologies have come a long way. Encryption vendors now claim the ability to encrypt and decrypt with little or no performance hits whatsoever.

The second thing about encryption -- particularly from a BI point of view -- is that once it is decrypted and the query returned to the user, the data may be downloaded to their PC. Hmmm -- where's the security now? Unless it stays encrypted -- even on the user's PC, it seems to me that we still have a major hole in the overall data security and privacy scenario. This is an area that could use some vendor support as well.

If you have any ideas about security and data privacy, I welcome your comments.

Yours in BI success,


Posted April 28, 2005 10:46 AM
Permalink | 1 Comment |

1 Comment

Hi Claudia,

I think:
1. Using VPN, and SecurID cards from RSA
2. Maybe storing data in 1st level encrypted format, 2nd level encryption as the data is selected to go over IP, decrypted on client side - but requires Thumb-print or secondary RSA code.

I think this may be a good start, but of course it would completely wipe out any possibilities for web-browsers unless they are plugged in to localized and portable decryption devices.

Each end-user would have to have their own assigned dynamically changing key, combined with their login to decrypt data.

I don't think we'll ever get to a point where total security is complete, however I did write an article here on DNA and quantum computing power creating the first unbreakable encrypted information... Just some thoughts.
Dan L

Leave a comment


Search this blog
Categories ›
Archives ›
Recent Entries ›