The Facebook/Cambridge Analytica data breach that was recently exposed came at a time when construction companies were becoming more interested in moving data about their projects into the cloud.
At the same time, more firms have been offering Software-as-a-Service, or SaaS, by using cloud technology.
The breach at Facebook involved millions of users, with about 600,000 of them in Canada. But since the largest percentage of Facebook users are individuals, the data harvested was largely personal data.
Project data, usually offered by hosting companies using cloud technology, would not have been affected.
Christian Ste-Marie operates KeepConnected.ca, an Ottawa-based tech firm that makes extensive use of cloud technology on behalf of the company’s clients. He said the big advantage of having a cloud service is that you don’t have to be constantly upgrading and worrying about your own backups, because you’ve given that responsibility to another company which maintains your data and looks after software upgrades.
The monthly fee, he said, is “less than it would cost you to have everything done by your company internally.”
He added as a subscriber you have to be sure that the company will not only protect your data but also provide physical protection.
“If the host’s server goes down, is there redundancy?” he said. “Does it have another server or servers so that your uptime is as close to 100 per cent as possible?”
The host must also be able to protect you from cyberattacks, he said. That means firewalls and other anti-cyberattack methods that the host uses.
“It’s always good to ask questions about these things,” he said.
But the subscribing company, the customer, has some responsibilities too.
“That means passwords should be changed on a regular basis – at least once a month,” he advised. “It also means having a secure, up-to-date list of the employees who have access to the system, and making sure that any limits to that access are clearly spelled out.”
Ste-Marie said one of the big things that came out of the Facebook/Cambridge Analytica event was the number of things people choose to share on platforms like Facebook, and with whom they choose to share.
“If I use Gmail, all of my mail is in the cloud. But if I get an email, I expect to be the only one who sees it. I don’t expect other people to have access to that,” he explained. “But if I post a picture of my daughter on Facebook, I’m purposely sharing that with the world.
“So, when you post things online, you want to think twice before you put it up there.”
He said when contemplating having your data hosted by a SaaS company, the questions you ask should be focused around the data protection and security measures they have in place, on top of implementing your own security measures to make sure access to your data is never compromised.
Ste-Marie said “two-factor authentication” should also be used. It’s a system that has been around for several years but not put into widespread use until fairly recently.
“When you’re logging in to an online account, you come to a lock-screen, where you have to enter your password. That’s your first line of defence. The second line is when another screen pops up asking to enter your code,” he said.
“That code is sent to your phone as a text message. Entering that code gets you into your account.”
These six-digit passcodes are changing all the time, so if you log out of your account, then decide you need to get back in, the first passcode sent to you will no longer work. When you get past the lock screen, you will be sent a new code.
He said so far not a lot of people take advantage of this form of authentication because it slows down the process of getting at your data. That makes people impatient, he said, “but there has to be a balance between security and functionality.”
Ste-Marie said a SaaS company is more likely to have a higher level of security protecting its servers and client data than a construction company.
Construction companies “focus on the construction industry and not the IT industry, so usually, their security and the hardware is way behind the times and, if anything, more vulnerable to be attacked, because everything is connected on the Internet now.”
There are a couple of think-tanks that specialize in studying the problems that surround the mountains of data generated every day.
The Centre for International Governance Innovation in Waterloo, Ont., notes most governments, including Canada’s, have yet to establish policy for regulating what it calls the “data economy.”
It says the framework for this economy “has been set primarily by those private actors for whom control of data is most central to their existence, such as Google, Amazon and Uber.”
It says the market for data will be built with or without governmental action, “but government involvement is necessary in order to ensure that this market functions in a socially optimal manner rather than in the interests of its most powerful actors.”
It also says, “a society based on exploitation of knowledge requires constant surveillance in order to function properly and efficiently,” adding “this surveillance conflicts with…the norms supporting a liberal-democratic society.”
In England, the Open Data Institute has been pondering the problems of building an open, trustworthy data ecosystem since it was founded in 2012 by Tim Berners-Lee, who invented the World Wide Web, and Nigel Shadbolt, an expert in artificial intelligence.
An important part of the institute’s work is to help make data “as open as possible while protecting people’s privacy, commercial confidentiality and national security.”
It also supports practices “that increase trust and trustworthiness by building ethical considerations into how data is collected, managed and used.”
Working through a series of partnerships, the institute helps people find ways their data can be used effectively in their particular sector in the hope it will improve decision-making and deliver more efficient and effective services and products.
Recent Comments
comments for this post are closed