When organisations think about their most valuable assets, two are always at the top of the list: trust and data. Without trust, customers will simply not buy your product or service. This is why the Harvard Business Review noted, “If you’re selling a product, you’re now selling trust.”
A significant element of how trust is built and maintained is how data is handled. Over the last year, Australians have been subject to their most significant data breaches. It’s hard to find an Australian adult who has not been directly impacted by one of the major breaches that have been reported over recent months.
One of the key issues that has become apparent is the sheer volume of data on customers that’s being held. And this happened for the simple reason that data was seen as incredibly lucrative. And like any organisation that has access to a valuable resource it was collected and hoarded. It was treated in the same way as OPEC countries hold vast quantities of oil – a valuable asset.
But what has now been clearly established is that data is not like oil. It’s like uranium. Incredibly powerful, but you don’t want to hold on to too much of it for any longer than needed or it might explode in your face in the wake of escalating cyberattacks.
Effective data management is critical for data security.
Many breaches don’t attack core operational business systems. They attack data stores that are not secured with the same rigour or attention as transactional systems. Whenever you copy data to a new location to power a reporting system or to feed your AI models you are creating a new target for threat actors. Vast data lakes and data warehouses often created for business intelligence programs and to feed AI algorithms are honeypots that attract criminal bees.
The challenge organisations face is making that data accessible to those critical applications without creating a new honeypot for thieves to target. The good news is that well designed transactional and operational systems created and maintained by reputable companies are usually designed with security as a core feature. The question then becomes one of accessing the data without compromising security.
Instead of physically extracting all data into another system, data virtualisation enables business users to access and join data from multiple locations by using an open lakehouse. The open lakehouse unlocks data from multiple disparate sources and appears like it’s been pulled together into one physical system.
Instead of data being centralised, it remains distributed. This makes it harder for thieves to access all your valuable information with a single attack. For a thief to exfiltrate all your data they would need to understand your entire data architecture rather than a single database. And while data virtualisation simplifies access and enables users to join disparate data sets for analysis and other applications, it does this while retaining the security and access rules imposed at the data source.
This approach doesn’t limit organisations from taking other steps to protect data. For example, techniques such as data masking, encryption, tokenisation and anonymisation can also be used to further strengthen security and keep data away from unauthorised parties.
Data is an extremely valuable asset. But its value extends beyond the boundaries of the organisation that collects, manages and uses it. Malicious actors are constantly on the lookout for valuable personal customer information and intellectual property they can leverage for profit. And, as we have learned over the past few months, while data is powerful and valuable, organisations must now treat it like uranium rather than oil, unless they want to risk hefty government fines, increasing regulation and having their brand reputation with customers destroyed.
Data must be stored and handled with care. We must ensure access is limited to authorised parties and that it is not duplicated, which adds to the risk of compromise. Data virtualisation gives organisations the capacity to leverage data without increasing their threat surface. It allows analytics and applications to use data in a highly secured and well managed way. Which is exactly how uranium should be handled.