Time for Things to Change with Data Security
I think we’re finally at the point where we’ll have to devise new and better ways of managing information stored. While there are some tools available today that we need to be taking advantage of (encryption, access controls, etc.), I think the value of information is the critical thing we need to solve for.
We need to make the information worthless when it’s used incorrectly. Credit card numbers are interesting (to put it lightly) to criminals because they can use them. Why? Why is it the only indicator of ownership and identity the numbers on the card? Things as simple as authorized use lists (I’ve allowed this store or service to charge me) and multi-factor authentication (confirm via one-time PIN and a smart phone or other means) make the credit card number worthless. Worthless things don’t get stolen.
There is a LOT of data out there, sure. We need to figure out how to control identity and control use where it matters. ID numbers, credit card numbers, it’s all quite possible to protect, but it’s going to take work. What’s changing is that people are beginning to care, and they’ve had enough.
Noticed this article on eWeek about the RSA conference and the fact that speakers are cancelling because of NSA involvement, because of all of these revelations about "partnerships" that provide access to our information. (Read the article here)
This is the start of real change (I hope) and a big change in the types of things we’ll have to be working on and watching out ofr in the data storage systems we all work with daily. My suggestion – stay on top of things that are happening. Contribute, read, see what’s going on and what suggestions are being made. Most importantly, make sure we all keep an eye on what the impact will need to be, what technologies and techniques are needed, and what it’s going to take to finallly start addressing these things.
We can figure this out and I think it’s all getting under way now – at last.