|
Blog: Claudia Imhoff« Do you need an enterprise data model? | Main | Gartner's Magic Quadrant Strikes Again » Encryption to ensure privacy?There have been a number of reports recently about security and privacy breaches involving customer data -- ChoicePoint, Lexis-Nexis and other information providers come to mind. What do you need to do to ensure that this never happens to your corporation's data? I have been reading a lot lately about privacy and the need to secure customer data from hackers and outsiders who want to misuse the information. The erosion of privacy even within corporations seems to be pretty concerning as well. What is a corporation to do to ensure that its crown jewels -- its integrated customer data -- does not fall into the hands of the wrong people? It was suggested to me recently that the only way to really secure this data is to encrypt it. If hacked into, the hackers would only get a string of gibberish and nothing meaningful would be usable. The only people who could use the data would be those individuals having the encryption key. Sounds good but there are problems with this approach too. Encryption traditionally has involved a substantial amount of overhead -- overhead to encrypt the data, thus slowing down the data processing (think loading of data into the data warehouse, for example). Then there is the additional overhead of decrypting the data when someone wants to use it. There is good news here though. Encryption (and the corresponding decryption) technologies have come a long way. Encryption vendors now claim the ability to encrypt and decrypt with little or no performance hits whatsoever. The second thing about encryption -- particularly from a BI point of view -- is that once it is decrypted and the query returned to the user, the data may be downloaded to their PC. Hmmm -- where's the security now? Unless it stays encrypted -- even on the user's PC, it seems to me that we still have a major hole in the overall data security and privacy scenario. This is an area that could use some vendor support as well. If you have any ideas about security and data privacy, I welcome your comments. Yours in BI success, Claudia
|
Comprehensive resources for business intelligence and data warehousing professionals.
NETWORK WEBSITES:
BeyeSURVEY | BeyeSEARCH | BeyeBLOGS | BeyeRESEARCH | TDAN.com | BeyeNETWORK
Press Releases | About Us | Contact Us | Site Map | Privacy Policy | Media Kit
Copyright 2004 — 2008. Powell Media LLC. All rights reserved.
Business Intelligence Network™ is a trademark of Powell Media, LLC
Comments
Hi Claudia,
I think:
1. Using VPN, and SecurID cards from RSA
2. Maybe storing data in 1st level encrypted format, 2nd level encryption as the data is selected to go over IP, decrypted on client side - but requires Thumb-print or secondary RSA code.
I think this may be a good start, but of course it would completely wipe out any possibilities for web-browsers unless they are plugged in to localized and portable decryption devices.
Each end-user would have to have their own assigned dynamically changing key, combined with their login to decrypt data.
I don't think we'll ever get to a point where total security is complete, however I did write an article here on DNA and quantum computing power creating the first unbreakable encrypted information... Just some thoughts.
Cheers,
Dan L
Posted by: Dan Linstedt | April 29, 2005 5:43 PM