The Data Exec Series: 3 ways to mitigate InfoSec risk in your data projects – that you might not have thought of

By Rob Kall, CEO & Co-founder Cien.ai

Is Everyone Getting Hacked These Days?

Watching the news, it is easy to think so. New incidents are announced weekly, including in the last few weeks, when a data platform such as Snowflake exposed client data for millions of AT&T customers and other companies. At the same time, there is increased pressure on all execs to become more data-driven. How do you make sure the risk profile of your data projects is as low as possible?


Proper InfoSec Processes and Compliance

These are the basics. Most large organizations today have an InfoSec team and compliance processes in place. If you also have certifications and third-party audits, you are meeting the minimum requirements. Unfortunately, even companies that have SOC 2 compliance and ISO27000 certification have sometimes been compromised.


Additional Effective Data Mitigation Strategies

Let’s take a look at three other ways you can minimize risk:

  1. Mask all non-needed sensitive information
  2. Don’t retain data longer than needed
  3. Don’t copy your data to other locations unless necessary


First, make sure that your data is as “useless” as possible to a potential hacker. The most valuable data points are credit card numbers, social security numbers, etc., which can be sold on the dark web. Never include those in your data model unless absolutely necessary. But with new legislation like GDPR, PII (personally identifiable information) is also problematic. Hackers know this and can sometimes demand a ransom to not reveal the hack. So mask or remove that data as well if possible. For example, if you are creating a data project to determine what type of customers are likely to buy a certain product, the model does not need names, emails, etc., because those data points have no impact on the outcome.

Secondly, data that has been removed cannot be stolen. If your data analysis project is only concerned with the 2 most recent quarters of data, make sure older data is automatically erased.

Thirdly, every time you copy data to another server location, you increase the “risk surface”. These days it is often possible to keep the data in your current cloud environment (a so-called “zero-copy” architecture) and analyze it there, rather than copying it to another vendor’s cloud that you don’t control.
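The first two points, as an added example (not code from the article or from Cien.ai): a Python filter applied at ingestion, so that sensitive columns and out-of-window rows never enter the data project. The column names, sample rows and key are constructed, and reading "the 2 most recent quarters" as the current plus the previous calendar quarter is an assumption.

```python
import hashlib
import hmac
from datetime import date

# Assumed schema for a constructed CRM export; none of these names come from the article.
KEEP = {"segment", "product", "order_date", "amount"}  # columns the model actually uses
PSEUDONYMIZE = {"customer_id"}                         # needed only as a stable join key

def quarter_start(d, quarters_back=0):
    """First day of the quarter that lies `quarters_back` quarters before d's quarter."""
    q = d.year * 4 + (d.month - 1) // 3 - quarters_back
    return date(q // 4, (q % 4) * 3 + 1, 1)

def pseudonymize(value, key):
    """Keyed hash: equal inputs still join, but values cannot be looked up without the key."""
    return hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()[:16]

def minimize(rows, today, key, keep_quarters=2):
    """Drop rows older than the retention window and every column not on the allowlist."""
    cutoff = quarter_start(today, keep_quarters - 1)
    result = []
    for row in rows:
        if row["order_date"] < cutoff:
            continue  # too old: never copied into the project
        slim = {}
        for col, val in row.items():
            if col in PSEUDONYMIZE:
                slim[col] = pseudonymize(val, key)
            elif col in KEEP:
                slim[col] = val
            # anything else (name, email, ssn, a column added upstream later) is dropped
        result.append(slim)
    return result

# Constructed sample rows with obviously fake values.
SAMPLE_ROWS = [
    {"customer_id": 1001, "name": "Ann Example", "email": "ann@example.com", "ssn": "000-00-0000",
     "segment": "SMB", "product": "A", "order_date": date(2024, 7, 3), "amount": 1200},
    {"customer_id": 1001, "name": "Ann Example", "email": "ann@example.com", "ssn": "000-00-0000",
     "segment": "SMB", "product": "B", "order_date": date(2024, 4, 1), "amount": 300},
    {"customer_id": 1002, "name": "Bob Example", "email": "bob@example.com", "ssn": "000-00-0000",
     "segment": "Enterprise", "product": "A", "order_date": date(2024, 3, 31), "amount": 9000},
]
DEMO_KEY = b"constructed-demo-key"  # assumption: a real key would live in a secrets manager

if __name__ == "__main__":
    for r in minimize(SAMPLE_ROWS, date(2024, 8, 15), DEMO_KEY):
        print(r)
```

The allowlist makes the filter fail closed: a sensitive column added to the source later is excluded until someone deliberately adds it to `KEEP`.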


Conclusions

As a data executive, I have spent a lot of time getting various clients, partners, and other stakeholders comfortable with a data project. The key is not to talk a big game about how you have perfect security (the truth is that no one does), but to show how all the things you do (e.g. security processes, data footprint, and cyber insurance) together minimize the risk of an embarrassing data leak. At Cien.ai we have employed the techniques above to land projects with some of the largest and most security-conscious businesses in the world. This allows you to get the needed insights and transformation support that fuels the growth of the best companies in the world.


About the Cien.ai Data Exec Series  

This article is part of our Data Exec Series, inspired by our work with B2B business leaders, growth consultants, and PE operating partners. These articles focus on the aspects of becoming a data-driven executive, ready for the AI revolution.



Contact

Rob Kall, Cien.ai, +1 305 496 4404, media@cien.ai, www.cien.ai

SOURCE Cien.ai