In my soon-to-be-released eBook, 10 Ways I Can Steal Your Data, I cover the not-so-talked-about ways that people can access your enterprise data. It covers things like you're just GIVING me your data, ways you might not realize you are giving me your data, and how to keep those things from happening.
The 10 Ways eBook was prepared to complement my upcoming panel during next week's ThwackCamp on the data management lifecycle. You've registered for ThwackCamp, right? In this panel, a group of fun and sometimes irreverent IT professionals, including Thomas LaRock (sqlrockstar), Stephen Foskett (sfoskett) and me, talk with Head Geek Kong Yang (kong.yang) about things we want to see in the discipline of monitoring and systems administration. We also did a fun video about stealing data. I knew I couldn't trust that Kong guy!
In this blog series, I want to talk a bit more about other ways I can steal your data. In fact, there are so many ways this can happen I could do a semi-monthly blog series from now until the end of the world. Heck, with so many data breaches happening, the end of the world might just be sooner than we think.
More Data, More Breaches
We all know that data protection is getting more and wider attention. But why is that? Yes, there are more breaches, but I also think legislation, especially the regulations coming out of Europe, such as the General Data Protection Regulation (GDPR), means we are getting more reports. In the past, organizations would keep quiet about failures in their infrastructure and processes because they didn't want us to know about how poorly they treated our data. In fact, during the "software is eating the world" phase of IT professionals making software developers kings of the world, most data had almost no protection and was haphazardly secured. We valued performance over privacy and security. We favored developer productivity over data protection. We loved our software more than we loved our data.
But this is all changing due to an increased focus on the way the enterprise values data.
I have some favorite mantras for data protection:
- Data lasts longer than code, so treat it right
- Data privacy is not security, but security is required to protect data privacy
- Data protection must begin at requirements time
- Data protection cannot be an after-production add-on
- Secure your data and secure your job
- Customer data is valuable to the customers, so if you value it, your customers will value your company
- Data yearns to be free, but not to the entire world
- Security features are used to protect data, but they have to be designed appropriately
- Performance desires should never trump security requirements
And my favorite one:
- ROI also stands for Risk of Incarceration: Keeping your boss out of jail is part of your job description
So keep an eye out for the announcement of the eBook release and return here in two weeks when I'll share even more ways I can steal your data.