Privacy 2022: we help you understand why it's important!

January 28 is International Data Protection Day. For our company, United Consult, it is a professional minimum not only today, but every day of the year, to keep cybersecurity in mind and to provide our customers with preventive advice on the protection of their data. However, today's World Day is a great opportunity, as a responsible IT company, to draw the attention of laypeople to the importance of this topic.

Why is World Data Protection Day and why today?

Although the importance of data and databases seems to have jumped enormously in the last 10-15 years, legislators have in fact realized much earlier how valuable and at the same time extremely sensitive treasure they represent for the economic and political power of the time. The possession of properly structured, and therefore easily manageable data could have given data controllers an advantage in many areas of life, so it is no wonder that various databases quickly became the object of abuse and the target of thieves. The rise of information technology and the spread of computers then fundamentally transformed the methods of data collection and storage, and legislators recognized the risks, in addition to the opportunities.

On 28 January 1981, a convention was signed in Strasbourg by the representatives of the European states providing for the protection of individuals with regard to the processing of personal data by machine. This is the so-called Data Protection Convention, and the date of birth of the document is the prologue of today's World Data Protection Day.

Hack, ransomware, phishing — there's a solution for everything!

I think that on the occasion of World Day, it is definitely worth thinking about how we will look at the issue of data protection in 2022 with the proliferation of big data solutions. Today, the clouds, GDPRIn a world where and when the amount of data measured in petabytes is almost daily, when users share 500 hours of video per minute on YouTube, the correct and efficient use of data is becoming increasingly important as well as protecting it.

All data storage is subject to the risk of leakage and unauthorized use, which is why, as I mentioned in the introduction, the issue of data security is much older than the history of big data in today's sense. We can think here of the “classic” hacking, called Ransomware(ransomware) attacks or just the Phishingre(for phishing). Fortunately, we have the right solution systems for these cyber security risks, which we must be able to apply regardless of the amount of data!

The spread of big data has brought new challenges

Perhaps the most ironic part of the security issues in the big data space is that many companies and technology solutions are trying to solve classic security problems with the help of larger amounts of data, and through them try to effectively detect the risks that arise. However, the large volume of data makes it difficult to use classical auditing methods, as well as encryption methods used elsewhere in software. I believe this may even lead to a particular on-prem or cloud infrastructure becoming the most unprotected on the entire network.

In such a system, not only the storage, but also the input and output protection must be carefully thought out; whether it is the vulnerability of the data entered through the IoT system or the exposure of an analytical dashboard. These problems can come from new, constantly evolving and immature technologies, for which safety is not necessarily the primary consideration.

It's not just about attacks anymore

The rapid development of the big data field and the explosive increase in the size of the managed databases have brought changes not only in practical solutions, in the cybersecurity technologies used, but also in the relevant legal environment. In the IT world, it is now necessary not only to pay attention to “phishing” emails, but also to respond appropriately to frequently changing legislation (such as the GDPR provisions). In addition to legal consequences, a loss of data can have other negative consequences: in our accelerated, informative everyday life, the possible loss of trust in companies and products is much faster if there is any sign that personal data has been handled improperly.

Of course, we can deal with these problems with existing and new tools. We can secure our infrastructure with firewalls and appropriate authentication systems. Examples include various proxies, cloud and on-prem authentication systems — such as Kerberos or IAM. At the same time, I would add that today, fortunately, the large cloud technology providers themselves are placing a huge emphasis on these services.

However, this is still only half the battle, as even with the best-designed systems there is a weak link: the man himself. A huge responsibility falls on the shoulders of programmers and big data professionals. Their task is to clean sensitive data and minimize the possibility of system abuse through the aforementioned technologies. It remains important at the organizational level to be aware of classic “social engineering” attacks and to provide adequate protection for all the endpoints where our data appears.

Data protection is a high priority

Overall, with the continued growth of the big data industry, data protection issues are becoming more and more challenging, and answering them is a top priority task for the IT sector as a whole. We at United Consult believe that we can provide quality and professional services to our partners and customers only if we guarantee the security of the data we handle with innovative solutions in our daily work.

If you are interested in the subject in more detail and would like to personally find out about data protection issues, please contact us at at any of your contactsand I would like to bring to your attention the Website of the National Authority for Data Protection and Freedom of InformationAlso, where you will find useful information about current regulations.