Monday, 12 January 2009

Is data security an Inverse-Square law?

We are all taught at school that many physical processes follow an inverse-square law. For instance, the force of gravity between two masses becomes four times weaker if the distance between them doubles. Similarly, the electric force between two charges also obeys such a law. I am beginning to wonder whether the effectiveness of data security also diminishes with the distance the owner is from the data.

The report produced by PwC shows that the data protection habits of hundreds of financial services firms are deteriorating. Around a half of those companies surveyed said that the data hygiene required of their out-source providers was not at the same level that the companies require internally.

Although it seems that the effectiveness of data security diminishes if the data is outsourced, the original data owners believe otherwise. It is amazing that even without performing any due diligence around 80% of firms were “somewhat” or “very” confident in the security practices of their outsourcer.

How many links are there between the personally identifiable data you collect about customers and where it is held? Consider the SI who now owns and operates the data center. What about the data kept in the emerging “cloud”? Don’t forget to add an extra amount of “data distance” for where the backups are held.

What is the true effectiveness of the data security now?