The Future of Data Security

Pavel Ignatov/Shutterstock.com

Systems are generally protected by a single password that, if broken, allows an intruder to run as far as he wants inside your system.

Imagine a library. Every night, the library locks its doors. But one night, a burglar manages to get in. All the books and manuscripts are gone, right? Not in this library. You see, in this library, most of the books themselves are locked down, and the ones the robber does manage to carry with him turn out to be outdated travel guides and self-help books from 1974.

Admittedly, this would be a strange way of running a library. But for businesses looking to protect their vital data assets, something like it could become the future. The concept is called “data-object security,” and it relies on a principle most people are reluctant to admit: All systems are inherently insecure.

The idea is actually as liberating as it is worrisome. Today, systems such as e-mail are generally protected by a single password that, if broken, allows an intruder to run as far as he wants inside your in-box. Networks and servers are similarly vulnerable; they’re little more than a lockbox for your data. But if you assume that the lock will eventually get broken, that frees your attention to focus on what happens next.

This is where data-object security comes in. It’s a setup that doesn’t just protect data at a system level; it also protects the individual bits and bytes of data inside the system. What if every file, or even every cell in a spreadsheet, came along with a set of rules governing what different people would see when they opened it up? The rules might say that Bob from accounting can see one part of this file -- just the part he needs to do his work effectively -- while John, an outside federal regulator, might be able to see a little more, and Steve, at the executive level, can open up that same file and see everything Bob and John saw, and more.

Here’s another way to look at it. If data security means defending the library that holds your information, data-object security is about defending what goes into the library itself. The two ideas are radically different, and according to Josh Sullivan, a vice president for data analytics at Booz Allen Hamilton, as more businesses come around to the latter, a common ideal promoting good data stewardship will emerge.

“It's a whole new way of thinking,” Sullivan told me. Take it far enough, and you wind up in a future where access to data is democratized. Right now, businesses jealously guard their information because once a file has been opened, all of its contents are visible to the reader and to whomever he or she sends it to. By contrast, data becomes more useful to more people when access is limited to only what they need.

With data-object security, firms and agencies will be able to track their information with more accuracy, too. For every piece of their data that gets called up by, say, an academic, businesses (not to mention all the academic's peers) will know where that data had previously been and where it is allowed to go next. In dataspeak, Sullivan told me, to understand the trajectory of a piece of data is to trace its lineage.

Rules about data can also be set up according to pedigree -- a measure of who is accessing the information (think tanks? high-school clubs? hobbyists?) and how useful they’ll find it (can you make accurate financial predictions with it, or is it only good enough to get a general idea of the market?). Remember that what makes this concept so powerful is that all of these attributes can be applied to the same file.

Data democratization requires businesses and governments to be a little more comfortable sharing -- and that raises privacy concerns. No commercial standard currently exists for ensuring data privacy, and in its absence, many are turning to a totally different field for answers: medicine.

“In HIPAA, we’ve got a process,” said Jules Polonetsky, a former chief privacy officer at AOL, referring to the federal law that determines who can view and share patients' medical records. “It’s been laid out, and it may or may not be perfect, but it says you must follow these rules and de-identify health data.”

Taking the same principles that govern anonymized medical information and applying them to commercial or administrative data may not need a law, Polonetsky told me. It might be that some common understanding could evolve among companies themselves. But using HIPAA as a model at least provides a baseline for comparison so that businesses know just how rigorous their data policies are.

Privacy advocates and proponents of data are often at odds with one another. One side generally views the explosive growth of data as a creepy development ripe for abuse, and the other often looks at data in almost utopian terms. Yet it’s possible that the new advances in security may create an opportunity to bring the two closer together.

“Data-object security gives you finer-grain security, but it also encapsulates the rules of, ‘How can I share this data, and with whom, and how long do I keep it?’ and you start to embed the stewardship of the data as descriptors on the data itself,” Sullivan said. “That’s the key to enabling data democratization -- where the right person can get the right data when they need it.”
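The per-cell rules from the Bob, John and Steve scenario, together with the retention and lineage descriptors Sullivan mentions, can be modeled as metadata carried on the data itself. This is an added example, not code from the article or from anyone quoted in it; the role names, field names, values and dates are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Cell:
    value: object
    readers: frozenset   # roles allowed to see this cell
    keep_until: date     # retention rule stored with the data


@dataclass
class DataObject:
    name: str
    cells: dict
    lineage: list = field(default_factory=list)  # access trail kept on the object

    def view(self, user, role, today):
        """Return only the cells this role may read; unknown roles get nothing."""
        visible = {
            key: cell.value
            for key, cell in self.cells.items()
            if role in cell.readers and today <= cell.keep_until
        }
        # Record every access, including empty ones, so the trajectory
        # of the data can be traced afterwards.
        self.lineage.append((today.isoformat(), user, role, sorted(visible)))
        return visible


def build_sample():
    """Constructed sample object: one file, four cells, three roles."""
    end = date(2030, 12, 31)
    everyone = frozenset({"accounting", "regulator", "executive"})
    return DataObject("q3-ledger", {
        "invoice_total": Cell(1200, everyone, end),
        "audit_notes": Cell("constructed note", frozenset({"regulator", "executive"}), end),
        "acquisition_plan": Cell("constructed plan", frozenset({"executive"}), end),
        # Past its retention date: hidden from every role, even the executive.
        "old_forecast": Cell("stale", frozenset({"executive"}), date(2020, 1, 1)),
    })
```

A caller who gets past the outer lock but holds no recognized role receives an empty view, and that attempt still lands in the lineage trail.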
