Home » Topics » Cybersecurity » The spiralling costs of unnecessary security and privacy

The spiralling costs of unnecessary security and privacy

Avatar photoby Ben Rossi

The IT world may never reach a consensus on exactly what does or does not belong in the cloud, but it should at least be agreed that all impersonal data belongs in the cloud.

Impersonal data is information that is 100% anonymous and in no way exploitable. It’s the metaphorical muck that hackers could accidentally catch on their phishing lines. They cannot use it to steal identities, commit fraud or blackmail organisations.

Personal data, on the other hand, is the sensitive, private data companies spend billions of dollars protecting. It is the reason why banks, healthcare organisations and government entities must meet strict security and privacy regulations.

When stolen, this data makes headlines and raises alarms about the safety of everything digital.

>See also: The disappointing truth about data privacy and security

Too often, people fail to make a distinction between organisations that deal in personal data and software that deals in personal data.

Some IT systems do handle bank account information, medical records, classified documents and other things that do not belong in conventional cloud environments.

However, employees in those same organisations use software and hardware that generate heaps of impersonal, un-exploitable data.

Log files are a good example of that impersonal data. IT administrators can analyse them to find patterns and address reoccurring problems that lead to lost productivity and wasted resources. But hackers can’t do anything with those log files.

So why do organisations insist on storing hardware and software log files in on-premise data centres? The cost of on-premise IT analytics rival the value of the insights they’re supposed to generate. It is the epitome of unnecessary security and privacy.   

Consider the setup you need to store and analyze IT data on-premises with a business intelligence (BI) solution. The BI requires roughly $20,000 per year worth of Microsoft Server licenses. Tack on the costs of hardware, installation, security, monitoring, maintenance, and support, and the ROI practically vanishes.

I respect the DIY mindset (We’ve got this, let’s learn how to do it!), but IT departments can take it to an extreme. If you’re going to create an on-premises data center for impersonal data, you might as well make a homemade word processor, spreadsheet app, and email client while you’re at it.

If an on-premises data system cannibalises the money it’s intended to save, there’s no point. And if an organisation accepts the argument that impersonal data belongs in the cloud, it has two options: infrastructure-as-a-service (IaaS) or software-as-a-service (SaaS).

With IaaS, users eliminate the cost of building and maintaining a data centre, but still face the challenge of implementing software. It’s like renting an unfurnished home. The hard work is done, but you still have to decorate and furnish the place to make it habitable.

SaaS is more like renting a furnished home – all the basics are waiting for you. You don’t need to waste your time searching for a bed, microwave, or rug that ties the room together. You just fill it with consumables, which in IT are the impersonal data points you want to analyse. 

Even a half-decent cloud provider will back up data in multiple locations. An organisation’s IT service metrics are not going to become a source of blackmailing, scandal, or whatever else you might fear. A hacked email or Facebook account is worse than a breach of impersonal data.

>See also: Privacy vs. security: how businesses can master the balance

IT analytics can make life better for IT people, but only if they can access them with a reasonable investment of time and budget. There’s nothing reasonable about doing IT analytics on-premise.

Vendors parade big data around like a knight in shining armour who has to come to rescue businesses from their tower of ignorance. But when organisations decide to spurn the cloud or ignore the best tools at their disposal, they are basically throwing stones at the knight ascending the tower. It sends quite a mixed message.

By all means, organisations should put credit card information and medical records in the safest place they can find (which is still probably a type of cloud environment), but they need to stop building fancy custom homes for data that would do just fine in a rental. Whether you trust the cloud or not, accept that different data calls for different precautions.

 

Sourced from Sarah Lahav, CEO, SysAid

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise