Disasters easily occupy our minds as they often make us glad that we are not part of them. We see them as a warning. It is why coverage is so common in the news. Similarly death.
Disaster and death are two dark subjects yet the truth is that death can follow disaster. If not death, then often damage. In life as well as in business.
During the development of my own software I find I have to consider risk a lot. There are risks inherent from my providers and partners; they could give me bad advice and/or bad service. If I happen to get through and work with a solid platform (I use AWS (Amazon Web Services) and Microsoft DevOps to make sure) and I do, I still have to consider my intended users who eventually could be clients one day too.
You Are A Data Custodian
Even in the short term as I ready for beta testing on a current project I need to make sure that those who test do not suffer from ‘accidents’ and do not overtly share with competitors or are not so inspired that they may become competitors themselves. In the past I have had to deal with all of that, even before I get to release a finished product. More than once. It happens all the time. You can’t legislate against it. Yet you can protect.
In effect my partners, suppliers, beta testers and even future clients will become data custodians. Even though I do not give my code away I still need my data custodians to do their best to protect my data. Not just because I always strive to protect their data.
From the outset, the first thing was to put protection in place. Even when the only thing to protect was the protection itself! The two primary systems I use for data protection are encryption and limitation. As we are all in one way or another data custodians, we could follow suit.
Online encryption is easy
Essentially I will only run data through a secure (SSL) website. This means that data between the end user and end server is 100% encrypted with the encryption unique and determined according to the SSL encryption standards. So whether your access is in a hotel with an open Wi-Fi, or from within an otherwise secure cabled environment, my users are automatically afforded the same level of protection.
As a custodian of our own data in most of the things we do, we should all take the time to make sure that we only use sites whose URLs start with https, as this is the sign of an SSL encrypted website. This is not to say that the website is encrypted, as SSL merely encrypts the data you enter for transportation to the server. For instance an app on your phone connected to your bank would employ SSL encryption and a lot more besides.
With regard to a lot more besides, internally to my projects I employ Identity and Access Management (IAM) systems too. This means a user only gets access to resources when they are supposed to (limitation). So if someone were to get hacked the damage that might be done would automatically be limited.
The third key in the puzzle is that all variable data, such as that stored in the cloud, is encrypted automatically at rest.
Truth is, all of this sophistication is supplied to me, although I do have to know it is there, take action by configuring it, turn it on and finally work with it. Many apparently take action and configure only to forget to turn it on. Actually a tall order in many ways as each element presents its own difficulty. Yet it is done.
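The three protections above (encrypted transport, limitation, encryption at rest) can be checked together, including the "configured but never turned on" case. The following is an added example, not code from this post or from any provider: the inventory is constructed and its key names (`endpoints`, `policies`, `stores`, `encryption`, `enabled`) are hypothetical; only the policy documents follow the usual IAM JSON shape.

```python
"""Audit a constructed inventory for the three controls described above:
encrypted transport, limited access, and encryption at rest."""
from urllib.parse import urlparse

# Constructed sample inventory; every top-level key name here is hypothetical.
INVENTORY = {
    "endpoints": ["https://app.example.test/login", "http://api.example.test/v1"],
    "policies": {
        "beta-tester": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::beta-builds/*"}]},
        "build-bot": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    },
    "stores": {
        "user-uploads": {"encryption": {"algorithm": "AES256", "enabled": True}},
        "audit-logs": {"encryption": {"algorithm": "AES256", "enabled": False}},
        "scratch": {},
    },
}

def as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def audit(inventory):
    """Return (control, target, problem) tuples for every gap found."""
    findings = []
    for url in inventory["endpoints"]:
        if urlparse(url).scheme.lower() != "https":
            findings.append(("transport", url, "not served over https"))
    for name, policy in inventory["policies"].items():
        for stmt in as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            # A bare "*" grants everything; a scoped ARN ending in /* does not match.
            wide = [k for k in ("Action", "Resource")
                    if "*" in as_list(stmt.get(k, []))]
            if wide:
                findings.append(("limitation", name, "wildcard " + " and ".join(wide)))
    for name, store in inventory["stores"].items():
        enc = store.get("encryption")
        if enc is None:
            findings.append(("at-rest", name, "encryption not configured"))
        elif not enc.get("enabled"):
            findings.append(("at-rest", name, "configured but not turned on"))
    return findings

if __name__ == "__main__":
    for control, target, problem in audit(INVENTORY):
        print(f"{control:<11} {target:<28} {problem}")
```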
The Shared Responsibility of Data Custodians
I have just outlined how I have shared responsibility with my suppliers and the lengths I go to in order to ensure protection and security is built in from the inside. I am a data custodian of their systems. I have to protect my access so people can’t get into the systems I use too. It is with this that we should all consider ourselves data custodians.
Most people it seems consider that they are protected from outside threats on the basis that it is not their responsibility. While a car should not hit you when you cross the road, even though the driver will be found guilty, you will still have to live with the damage done.
You can get insurance and this may cover some of the costs. Yet it has been recently revealed that Hiscox, an insurance company that specialises in Cyber Protection, recently became a victim itself. Recently it had to admit that documents from a Hiscox lawsuit were taken from a law firm by a hacking group known as Dark Overlord. Oh dear.
Freedom Of Speech
For all those people who use and abuse social media, they abuse themselves too. Digital records become permanent as many a prospective MP (some current) know only too well.
You can’t blame social media for keeping a record, you have to accept personal responsibility for making it in the first place.
So although freedom of speech is a good thing, you still have to be careful what you say, as what you say you will have to live with. We all hope that there is little that will come back to us. Yet it is one of our responsibilities we all share.
The concept of shared responsibility is certainly not new and it goes along with the policy of do unto others… that some seem to wantonly ignore. It will come back, it will bite.