4 Tips For Addressing And Embracing Data Security Issues
By Kamal Jacob
There is a lot of data out there. In fact, over the last decade, there has been an explosion in both the data generated and the data retained by the companies. Striding through tonnes of data and coming up with a real-world solution is considered as a superpower. No wonder, data science is considered as the most enticing job title of the 21st century.
However, not all is a cake walk. There are many challenges that hinder the day to day operation of a data scientist dealing with which needs a lot of smart thinking, informed decision making, and analytical skills.
Future data scientists, here are some challenges you might have to deal with:
Working without Concrete Objectives
Often data scientists are expected to find solutions for a problem they are unaware of. Instead of having the liberty to work on a solution, data scientists have to first figure out the business problem and define various aspects of it. As chief scientist at SnapLogic, Greg Benson says, “Data scientists often run into the issue of trying to add artificial intelligence or machine learning capabilities without concrete objectives”
Dealing with Raw, Fragmented Data
A typical data scientist have to put forth an overwhelming amount of effort to create a clean data set before any machine learning or artificial intelligence algorithms can be applied. However, quite often the data is presented in such a scattered format that accessing them and formatting them can be quite difficult as well as time-consuming. Data scientists have to deal with poor data quality ranging from insufficient data to scattered data, hidden data, repetitive data, and so on. The primary challenge may be how to use the (enormous amount of) data, how to clean it, how to analyze it and how to build working models from it. All this take tremendous effort that often goes unnoticed.
Explain Technical Concepts to Non-Technical Audiences
A data scientist is usually working around technical terminologies. So, it doesn’t come as a surprise that most of their findings and conclusions are in technical terms as well. While the data scientist might be excited to share all the technical complexities and the long-drawn process they took to come to the conclusion, the stakeholders are only interested in the key findings and action items. Communicating effectively with a non-technical audience of other departments and making them understand why your model is of value to business stakeholders can be a source of frustration for data scientists.
Data security is one of the major challenges faced by data scientists today. Given that data is extracted through a lot of interconnected channels, there are multiple doors for a hacker to attack. It is difficult to implement security tools at all these ‘doors’ because these tools at times cannot distinguish between a genuine user and a hacker thereby hampering the data extraction process. Also, owing to the confidentiality element of the data obtained, data scientists face challenges in data extraction, data usage as well as in building algorithms.
A Deep Dive into the Issue of Data Security
The following characteristics of data security challenges stand out in the context of data science:
1) In most data science solutions, a humongous amount of business data is involved. The team of data scientists might be dealing with millions or billions of records, which can have a tremendous value of sensitivity depending upon the problem domain.
2) Not only is the volume of data is huge but to give an all-round solution, data scientists need to consider all attributes and dimensions of data. This contradicts with the ‘data minimization’ principles of privacy.
3) What makes data science different from traditional engineering is that all point data scientists are dealing with precious real data. There is no ‘dummy data’ at any stage. At all points in AI and ML, various stakeholders and systems are ‘learning from real data’. The real data gets into the system and remains there as it never did in the past. So many iterations for multiple varieties of data can disrupt even the most secure data governance system.
4) From a security standpoint, data science is still evolving. We are looking at a lot of new tools, frameworks, systems and system combinations. There are still a lot of unknown security threats because new tools often take time to become ‘secure’. Add to that the new stakeholders may not always have an even aware of the security
5) Given that data science has made a way into all walks of our lives, we are dealing with countless obscure data and record formats. Solutions involving so many systems and interfaces have to account for multiplier effect and are vulnerable to security bugs and failures.
4 Tips for Addressing Data Security Issues
While this may seem intimidating, security practitioners have a history of dealing with these challenges. The basic principles of good security still remain the same. Data security depends on how you mold the traditional practices to address the nuances and unique requirement of the new ecosystem.
1) Have a Good Data Governance Structure in Place
Ensure that all the team members, as well as stakeholders, are well aware of the basic security and privacy such as data authorization, classification, protection techniques as well as the applicable policy and standards. The main goal is to ensure that all stakeholders have a clear understanding and ownership of security and privacy as the data moves through different stages of the workflow. Given that data circulation in data science problems is huge and widespread, it is important that everyone uses the same terminology and follows the same privacy principles
2) Enforce Encryption for Accessing Critical Data
Business data can be classified into two broad categories – Public and Protected. While there is not much fuss about the security of public data, protected data needs to be kept secure and confidential. The first step in doing so is to identify the protected/sensitive set of data.
Once identified, you should further classify the sensitive data into ‘data in motion’ and ‘data at rest’. For data in motion, employ encryption techniques (such as SSL, TLS) to ensure the confidentiality and integrity of data are secured from eavesdropping. For data at rest, encryption techniques, such as SHA256, along with appropriate controls, such as role-based access, strong authentication mechanism are applied.
3) Perform Up-front Threat Modeling
Diligent threat modeling of solutions will ensure that the security is built-in into the design. When threat modeling is done at both component and end-to-end level, it ensures that appropriate security requirements are met at every point of data transmission. Given that production data is involved at every stage, it is important to thoroughly cover all workflows in the threat models while giving special attention to the boundaries and interfaces between different sub-systems.
4) Embrace Secured Programming Practices and Proactive Monitoring
Ensure that the development team follows the secured programming practices. Invest in educating your developers about potential security threats applicable to the solution, ways to mitigate them and tools to monitor threats. The OWASP Top Ten could be a great starting point for ensuring secured coding practices, followed by implementation of the tools for security monitoring.
In addition, ensure that you use the appropriate server and network hardening mechanisms, keep your software components patched and upgraded with the security-related fixes and conduct periodic reviews to assess the overall security situation at your organization. Also, opting for data science security courses will help them understand and embrace secured programming practices.
Finally, it’s vital to have a good incident response plan that describes the methods to deal with any security breaches and security-related disasters gracefully.
For data scientists, data security is one of the biggest challenges faced while extracting data because of the volume and sensitivity element of the data. So, there are no shortcuts there. But through effective analytics system, data science can enhance the cybersecurity industry. With the help of additional security checks, advanced use of machine learning & use of cloud platforms, cybercrimes & fraudulent practices can be resolved. It allows data scientists to come up with more operative and active measures to prevent cyber-attacks.
In addition to all the preventive measures, it is also very important that data scientists upskill themselves and learn about the latest data security measures and practices. Online security courses like HackerU’s cyber security courses, and analytics courses not only will help you tackle the issues like data security but also can help you make a career as a cybersecurity professional in this highly demanding field of data science.