There’s a great deal of digital real estate devoted to advising businesses on the importance of protecting information assets from hackers, and making the best of your data by sharing it broadly, and drilling into it deeply.
Analytics applications are extremely powerful — they:
- Process vast amounts of information quickly
- Extract data with scheduled, or ad hoc queries
- Present it in a format which is easily understood
These same business intelligence software advantages are potential data security vulnerabilities, if the right safeguards aren’t in place. Some of those safeguards are policies and practices, while others require investments of time, money and attention.
Opportunity vs Risk
Business intelligence represents great opportunities for businesses that have the right people, processes and technology in place. According to a recent ComputerWorld survey, 50 percent of respondents are increasing their IT security budget. 41 percent are increasing their analytics investment. Another survey found that 35 percent of respondents considered security concerns to be the biggest obstacle surrounding data analysis.
The analytics software space is packed with vendors looking to cash in on this opportunity. Proof positive is how hot the big data market has been over the past several years. New data frontiers like social media, mobile ecommerce and web content performance represent new challenges and opportunities for insight for companies of all sizes.
High profile data breaches of organizations like Sony, Anthem Insurance, the voter database and Home Depot demonstrate hackers can cause all sorts of havoc for even the largest businesses. Since analytics systems are reaching into internal systems and out to cloud and external web repositories, there are new risks which CIO’s and data professionals need to take into consideration.
Analytics of Security Data
Security Information and Event Management systems are powerful analytics solutions in their own right. The latest security analytics systems are positioned as more advanced than SIEM could offer. Threat Analytics/Intelligence solutions, delivered via the cloud by companies like FireEye, Palo Alto Networks and Fortinet are seen as the next generation of security intelligence. Traditional BI vendors collect a lot of data from various repositories such as ERP, CRM and asset management systems, though they have typically left security and threat analytics to the leading vendors in that space.
Since privacy and security are key focus areas in 2016, it will be interesting to see if some of the self- serve analytics vendors build plug-ins for security analytics systems. The big data security era is reportedly upon us, though IT infrastructure and line of business big data remain separate for the most part.
Responsible Data Democratization
Sharing business performance information across your company should be carried out on a “need to know” basis. Providing permission-based access to data visualizations and executive dashboards should be provisioned with consideration of:
- Data privacy
- Access to information based on roles and decision-making responsibilities
- If employees or management need ad hoc access to sensitive data, they should justify the reasoning and intent behind it
The process of logging all inbound and internal network traffic takes a lot of computing power and storage space to meet regulatory requirements. Data flows are rapidly increasing across networks, to and from people, devices and sensors connected to the Internet of Things. There is more pressure on analytics and security systems to be able to scale and maintain consistent performance.
Analytics and Cloud Security
If your company has moved your information assets, and your analytics system to the cloud, there are still a number of security considerations to be aware of. The ideal situation is a BI SaaS provider with a wide spectrum of application connectors.
Many cloud analytics vendors have adopted REST API’s to connect to systems like:
- Web analytics
- Marketing automation
- Social media channels
Standards-based API’s, certified by credible sources makes for safer analytics hub than coding your own connections. Analytics engines are often at the center of multiple systems, which makes them a potentially lucrative target for opportunistic hackers. Since many data breaches are as a result of employee activities, it emphasizes the need to govern access to reporting systems.
Evolving Network, Storage and Encryption Models
With hybrid network environments, hackers often bridgehead into a cloud application, either through phishing, or accessing a system through a social engineering scam. They then might leverage a business intelligence system to breach your systems. Strong password authentication and caution about phishing and hackers. Limiting user access to a finite amount of information based on their role is another way to mitigate your risk.
Big data means big responsibility. There are many layers of IT security with an on-premises data environment. Firewalls, intrusion prevention systems, vulnerability management scanning apps and other hardware and software are only the beginning of safeguarding corporate or organizational data. These systems are also in place in a cloud vendor’s datacenter, it’s just the management of the gear which is someone else’s responsibility.
When you outsource your data management infrastructure, your business assumes significant risk by entrusting a third-party company with a lot the responsibility of your business information. Adopting Infrastructure and Software as a Service services in unison is common for many businesses.
In some cases, companies that contract with companies like Microsoft (for Azure and PowerBI) or IBM cloud services with Cognos can mitigate risks with a single vendor for security, BI and application hosting. With any vendor, data security is a shared risk, most importantly among the executives and employees of a business.
Businesses that invest in analytics systems, looking to be able to make confident, strategic solutions need to make sure their data is protected from outside vulnerabilities, and from potential manipulation or leakage by employees or contractors. IT security-specific analytics are said to be in the second, or even third generation of event tracking.
Keeping pace with information governance trends and threats is not just IT’s responsibility, it requires commitment from every employee and executive in your company.