We want to briefly touch on the topic of databases, security, sensitive data and related challenges. Our CEO Tatiana Krupenya shared her thoughts on this with CyberNews. Read the full version of this interview on CyberNews.com
What are some of the worst mistakes companies make when handling large amounts of data?
I believe that one of the main mistakes leading new projects or even companies to severe problems is the wrong choice of databases for solving their tasks. These days we have hundreds of databases: relational, BigData, and NoSQL. It’s easy to get caught up in trends, great promotions, or advertisements, and the path is often a dead end.
Biased decisions at the start can become obvious when the company’s founders try to scale their business, and the failure to timely migrate makes the situation even worse. I heard stories about projects tied to database limitations so many times that I wanted to recommend thinking at least twice before choosing some database for your project.
Another interesting issue is more often can be found in big old companies. These companies have collected data in their databases for years. The storage and processing of big data carry a great responsibility regarding security. And the most trivial step that many companies take at this stage is to limit access to data for most employees completely. I believe that modern business has to be data-driven. You must analyze the information you have to make any business decision.
If you have a large amount of data, you need many people who will work with them. Almost all databases these days have advanced security settings based on roles and permissions compatible with high-security standards. The companies who set up their infrastructure for working with data on different levels will win in the market.
Do you think the current global events are going to have an influence on the ways in which threat actors operate?
The world does not stand still, especially in terms of technology development. It makes the problem of storing and transferring personal data and other sensitive information more and more critical and challenging to solve. Small companies are struggling a lot, as they often lack the resources to implement sophisticated security systems.
Previously, small security holes could go unnoticed for a long time, but in today’s world, you can lose essential data in just a few minutes. That’s why regardless of the size and development strategy of the company, it is important always to keep abreast and make timely decisions to improve the security level.
In your opinion, what IT and cybersecurity details are often forgotten about by new companies?
There is not something new here. It’s much easier to follow the security standards from the beginning of the project than trying to meet their requirements when your system is in production already and has real customers, especially when we are talking about the data.
I don’t want to say that you have to use all possible security tools and methodologies; sometimes, you don’t need them. But it’s not something that we will think about later. At each stage of the company development, we have to evaluate where we are and what we have to do to make the customer journey safe.
Why do you think companies often hesitate to try out new and innovative solutions that would enhance their business operations?
The answer is straightforward: trying innovative solutions is often difficult and expensive. Companies need to have experts who are familiar with new technologies, or they have to educate their employees. The migration process from one technology to another can take months, in the case of databases – years. And, of course, no one can guarantee that this new technology won’t die in a year or two.
Because of that, for example, some financial companies are ready to embed new technologies only if they are 5 or even 10 years old (and not new, actually). Is it good or bad? I can provide arguments for both. The decision depends on every particular case.