Data Silos: Helping to Support Cyber Risk Reduction

Setting the Scene

Since the dawn of time, the human race has endeavoured to make the things we need to do, easier and more efficient. It is an innate trait and driver of the human psyche, to constantly strive to reduce our effort and output - while preserving or (where possible) improving the outcome of those efforts.

Efficiency is an important human attribute, because we all know that time, money, and raw materials come at cost, and it is therefore important to conserve them - while maintaining an acceptable level of output (or results).

However, there are multiple instances of where a new, more efficient way of carrying out an existing task - or coming up with a game-changer (like the wheel, or the internet) inadvertently creates or leads to whole new ways for things to go wrong. Or for people to die, to make this as extreme as I can!

The fact is, if we had not created the wheel in the 4th century BC, life and work would not be as efficient as it is today. Travelling long distances by car, rather than on horseback (or on foot) enables an efficient means of travel (the same outcome, result) with less output (time, effort, sore feet).

That said, if the wheel had never been invented - then it is safe to assume that those 309,144 people killed, and 17.6 million injured, in?accidents?on British roads between 1951 and 2006 - would probably be a lot happier (or a lot more alive).

If Tim Berners-Lee (widely acknowledged as the inventor of the World Wide Web) had not done his bit for scientific evolution, there would be no such thing as cyber crime.

Big deal? Kind of. Cyber crime is now more profitable than the entire illegal drug trade, globally.

With every action, there is a consequence.

Cause and effect.

A?Cause-Effect?relationship is one in which a certain event (the?cause) makes another event happen (the?effect). And, a single?cause?can have multiple?effects.

Which brings me neatly to efficiency in software services your organisation might employ, and decisions you might make - on the basis of the fact you have data and information spread across your organisation - yet they are not connected. This disparate state is often viewed as inefficient, from an operational perspective - surely you want all of your systems talking and engaging with one another, right?

From an operational, efficiency perspective - yes. I agree, it makes perfect sense to connect up all your systems.

Yet, what if we look at this through a different lens. A lens that, by far, trumps the priority of efficiency.

That priority, is that of data protection and cyber security.

In a game of "Business Top Trumps", it will (should) win every single time.

No question.

In cyber security there are two schools of thought, when it comes to putting all of your eggs into one basket.

For example, if you put 10 eggs into one basket and you drop that basket, you`re going to smash all 10 of your eggs. Not so good.

If you carry two baskets with 5 eggs in each, you have reduced your risk - but you do have to have two baskets, which is extra cost. Or...you might want 10 baskets, 1 egg in each, and a few extra people to help carry them all!

The choice we have, based on the assumption you have 10 "data silos" each of which carries/processes essential data your business needs, is this:

1) Integrate them all, which means you only need access one "door" to get to all of your data. The risk? If a malicious attacker gets through that door, you`re in deep trouble - and the 10 silos suddenly become 10x the impact on your business

Or...

2) Keep them as disparate silos, and have 10 doorways in place - 1 into each data silo. This reduces your risk in terms of impact (ie if one door is "breached" the attacker only gets to 1 set of data), but gives you a much greater overhead - in that you need to watch 10 doors at all times, instead of just 1. And, sorry - your life might not be "easier"

Data Silos: Maybe they`re a good thing for your business?

In cyber-security "speak", what we`re talking about here is your attack surface, defined neatly by Aria Cyber Security Solutions, as:

"In software environments, a threat attack surface is the total number of vulnerabilities an unauthorised user can potentially use to access and steal data."

At this stage it becomes immediately apparent that we may have a simple, clear choice to make.

Efficiency, or Security?

Of course, nothing in life or business is THAT simple. However, if we consider (for example) a system that promotes making your life "easier", things become a little clearer.

This kind of statement is a huge red-flag, because rarely have I encountered a scenario where "easier" equates to a good idea or long term business outcome.

If the benefit on offer is "easier" then I`m concerned that the cyber security perspectives are not at all factored in to the broader product equation. Security by design? I don`t think the word "easier" would ever come into play.

However, if you DO feel the need to have an easy life, or to have all of your data in one place - then it needs to be cast-iron secure and watched at all times.

As Andrew Carnegie famously said:

The problem with this particular quote, is that Andrew said it in 1885, and we now acknowledge that (in respect of cyber crime) it is not a question of IF we will be attacked, but WHEN.

On which basis, I`m not sure watching that basket is going to cut the mustard, sorry Andrew.

So - in conclusion - what is your view on attack surface reduction, on Efficiency vs Security - and generally the pro`s and cons of integration of systems?

Are data silos actually, in hindsight, a good thing for your business after all?

Personally, based on the fact this is 2021, I think it is fair to suggest that we should not be considering the concept of prioritising ANYTHING over cyber security, other than human life - and that is a different article for the new year: Killware

I`ll leave you with a final quote:

"The right way is not always the popular and easy way. Standing for right when it is unpopular is a true test of moral character." Margaret Chase Smith

Actually...here`s another quote that rings very close to home on this subject:

"Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should." Dr. Ian Malcolm (Jurassic Park)

Have a safe and secure Christmas everyone!