I have been fortunate enough to be invited to attend one of the Computer Weekly CW500 clubs tonight to speak on data protection, the privacy of that data and how it can impact the IT department. We are all aware of where data is within our companies and organisations, but unless you are privileged to have a dedicated information security team, do you really know where this data is and, more importantly, how it flows through your internal or external systems?
I am not a dedicated information security expert or data security controller, but I do have a passion for security, hacking and thinking outside of the traditional model. For those who know me, I am currently working on a large transformation programme (the biggest in the history of the company) in which we are changing every aspect of application, infrastructure and business process. Along with this comes a detailed understanding of how data moves through systems; just think about the following:
- Do you know every interface of your critical systems?
- Are these documented? Where are the human touch points or data manipulation / transformation?
- Do you have audit or reconciliation checks on these interfaces?
- If they go external, how secure are these?
I am sure some of these, or even most of these, are point-to-point interfaces going from Application A to Application B, and if you needed to extend or move such an interface you would need to change both ends of it.
This is where the Service Orientated Architecture comes in, along with the concept of building reusable services. Think of this as an integration layer or gateway through which all interfaces and data flow. Some of the benefits of this approach:
- You only need to amend a single payload or side of the interface if this needs re-pointing (for example changing a line of business application).
- You have a central point in which you can audit and secure the data flowing through.
- You can reuse or re-purpose that data to feed into another system.
And many more benefits…
As and when you migrate data from system to system you need to think about a) how sensitive that data is and b) how you will reconcile that data (if the source system sent 10,000 data sets with a hash of 123, has the target system received the same values?). Then think about strict dress rehearsal loads and a dedicated testing team with detailed scripting and expected outputs.
I may do a more detailed post on a standard migration approach and how you need to work closely with the business to ensure they understand that they own the data; IT administers the systems and access to the systems, but IT does not own the data. In some businesses, if you ask these questions, you may be surprised at what the business turns round and says!
So this is a brief summary of the theme of my presentation. It is 15 mins max, so this will have to be a whistle-stop tour, and I have not even talked about IT consumerisation, cloud, big data, or how generations X, Y and Z will impact us by meshing their private data (which, to be honest, do you know where it is all stored? Facebook, LinkedIn etc.) with the corporate data, plus the proliferation of Bring Your Own Device (BYOD).
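One way to make the count-plus-hash reconciliation above concrete, as an added example that is not the author's own tooling: each record is hashed in a canonical form, the per-record digests are combined into a batch hash that does not depend on load order, and any mismatch is traced back to the record ids involved. The sample records are constructed for this example and the `id` field is an assumption about the record layout.

```python
import hashlib
import json

# Constructed sample: the same records as exported by the source system and
# as loaded into the target; one postcode has been silently truncated on load.
SOURCE_RECORDS = [
    {"id": 1001, "name": "Alice Example", "postcode": "AB1 2CD"},
    {"id": 1002, "name": "Bob Example", "postcode": "EF3 4GH"},
    {"id": 1003, "name": "Carol Example", "postcode": "IJ5 6KL"},
]
TARGET_RECORDS = [
    {"id": 1003, "name": "Carol Example", "postcode": "IJ5 6KL"},
    {"id": 1001, "name": "Alice Example", "postcode": "AB1 2CD"},
    {"id": 1002, "name": "Bob Example", "postcode": "EF3 4G"},  # truncated
]

def record_digest(record):
    """Hash one record in canonical JSON (sorted keys, fixed separators) so
    that field order and whitespace differences between systems do not matter."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def batch_control_totals(records):
    """Return (count, batch_hash, {id: digest}). The batch hash is taken over
    the per-record digests sorted by id, so the order of loading is irrelevant."""
    digests = {r["id"]: record_digest(r) for r in records}
    joined = "\n".join(digests[k] for k in sorted(digests))
    batch_hash = hashlib.sha256(joined.encode("utf-8")).hexdigest()
    return len(records), batch_hash, digests

def reconcile(source, target):
    """Compare the control totals the source sent with what the target holds,
    and name the records that differ so the load can be investigated."""
    src_count, src_hash, src_digests = batch_control_totals(source)
    tgt_count, tgt_hash, tgt_digests = batch_control_totals(target)
    return {
        "count_match": src_count == tgt_count,
        "hash_match": src_hash == tgt_hash,
        "missing_in_target": sorted(set(src_digests) - set(tgt_digests)),
        "unexpected_in_target": sorted(set(tgt_digests) - set(src_digests)),
        "changed": sorted(k for k in src_digests
                          if k in tgt_digests and src_digests[k] != tgt_digests[k]),
    }

if __name__ == "__main__":
    print(json.dumps(reconcile(SOURCE_RECORDS, TARGET_RECORDS), indent=2))
```

A matching count with a mismatched batch hash is the case a plain row count would miss; the per-record digests then point straight at record 1002.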