Blogs

Blogs

What does security mean in the world of big data?

0
By Topics | Data Management

As part of my Enterprise Analytics class at Arizona State University this fall, I cover security. While I know a fair amount on the subject, I sure wouldn't consider myself an expert. People like my friend, noted security guru Mike Schrenk, have forgotten more about the topic than I'll ever know. (At least I know my limitations.) Schrenk was kind enough to host a 20-minute guest lecture for my class in October via Skype and his insights fascinated me and my students.

We all know that security matters – or at least we should. More specifically, leaked quarterly earnings can spell disaster for investors out of the loop. Job postings on ostensibly "secret" projects can shed light into a company's future products and services. And then there are the routine, high-profile and increasingly dangerous hacks. Many, many hacks. But did you know that even boring metadata such as check sequence numbers might reveal a heck of a lot more than you would think?

Dangerous metadata

Schrenk described how one of his retail side businesses received monthly payments from a vendor. (Call it XYZ here.) Those check numbers seemed to be sequential. Here's a simple example of what he described with dummy data:

As shown above, Mike received an average monthly check of $28.10 from XYZ. However, the sequence of check numbers gave him an incredibly valuable and unexpected insight into XYZ's financial situation: The company only appeared to cut 20 check checks per month. Let's say that Mike's side business accurately represented XYZ's other customers. Equipped with this information, Mike deduced that the company was generating roughly $562/month in commissions. At a 10-percent commission rate, that meant XYZ sold about $60,000/year in total annual sales.

All from a little metadata.

Is this model foolproof? Of course not, and the only way to truly verify this information is to look at XYZ's books. As Mike freely admitted, for all he knew, XYZ paid different rates to larger or smaller vendors. Still, it's safe to say that XYZ management probably did not know that it potentially tipped its hand on the health of its finances via something as prosaic as check numbers.

Returning to the central question of this post, what does security mean in an era of big data?

The short answer is: Much more than you think. Schrenk's example struck a nerve with me. We know that employees shouldn't indiscriminately share confidential data with competitors and the public at large, but what are companies inadvertently letting web sleuths know?

Simon says: With security, there are more questions than answers.

I suspect that XYZ management is hardly alone in ignoring digital breadcrumbs and metadata. I certainly can't compile a list of everything that an organization ought to lock down, but it's evident that even seemingly useless information can be useful under the right circumstances.

Feedback

What say you?

Read Big data privacy: Four ways a data governance strategy supports security, privacy and trust

Tags data governance master data management Metadata metadata management security
Share

About Author

Phil Simon

Author, Speaker, and Professor

Phil Simon is a keynote speaker and recognized technology expert. He is the award-winning author of eight management books, most recently Analytics: The Agile Way. His ninth will be Slack For Dummies (April, 2020, Wiley) He consults organizations on matters related to strategy, data, analytics, and technology. His contributions have appeared in The Harvard Business Review, CNN, Wired, The New York Times, and many other sites. He teaches information systems and analytics at Arizona State University's W. P. Carey School of Business.

Leave A Reply

Back to Top