Business Intelligence Network business intelligence resources

Blog: Dan E. Linstedt

« It's Business Modeling, not Data Modeling. | Main | Information Valuation - Is data an Asset? »

Business Intelligence and the IRS

In the BI Industry, someone is constanty talking about accountability, or better security, and in this world of VLDW - we must take caution to secure our data. In case you hadn't heard, the IRS "may have had" a security breach leading to identity theft. MSNBC - IRS & Identity Theft

When we build VLDW's or VLDB's we MUST be concerned with security. The greater number of needles in the haystack, and the bigger the haystack gets - the more likely we are to have others who want to find the needles, and most of the time, the others are not authorized. If an SOA is simply "thrown on top" of an existing system without proper planning and architecture, it can lead to disasterous results.

One has to wonder in this day and age, how systems like this (particularly with e-file), get put into place. Where's the business intelligence in e-filing if you're going to get your identity stolen from a public sector industry?

The article continues... "The agency has fixed 32 of the 53 problems that turned up in a 2002 review, the GAO said. But the GAO found 39 new security problems on top of the 21 that remain unfixed."

If we built a BI system, on top of a VLDW that had 32 of the 53 security problems fixed (that were found 3 years ago), our business users would be furious, especially if it compromised the security of our systems.

Finally the article says: "An IRS spokesman declined to comment further. Michigan Rep. John Conyers, a Democrat, said the Judiciary Committee will consider whether additional measures are needed to strengthen computer security."

In the private sector, we'd never get by on selling a project like this - especially if the IT or consulting staff were to "refuse to comment further".

What does this mean to the VLDW systems and the SOA's that we are currently building?
In the private sector, it means, we must take extra caution to:
1) install proper SOA monitoring devices,
2) pay the extra dollar, go the extra mile and try to break the security of the system
3) further lock down access to the large and centralized data stores (the bigger the data sets, the more likely we can have security leaks).
4) Identify accountable resources in business who can and will take ownership when problems are found.

Just because we have more powerful tools in the Business Intelligence world today, and just because we have more data than ever collected into a single instance - doesn't mean we can be more lax with our restrictions. VLDW/VLDB, and SOA are all large undertakings for any organization (government or not), and require new measures to ensure their success. Again, convergence of IT with the business is paramount to making the new world of Business Intelligence work.

In the case of the IRS, I wonder when they will actually get around to fixing the "known bugs" and stopping the security leaks. Loss of business accountability is tremendously detrimental to any BI system.

  Posted by Dan Linstedt on April 20, 2005 7:56 AM |

Post a comment