Why Isnt Anybody Talking
About Security?"> But what really struck me was a conversation I had with Dietrich Falkenthal, a computer scientist from the Boston area. The reason he was at the forum was to get a sense of the state of the commercial industry, particularly in terms of security vulnerabilities associated with storing and processing of critical data in BI applications.Whereas the primarily commercial enterprises represented at this BI forum were concerned with data that would give them, say, better pricing, whats at the heart of all this BI is sensitive competitive information that could be used in nasty ways by companies competitors. "BI is shared among companies in supply chains," he said. "If you get in there and manipulate it, you could cause an adversarial company to make some wrong decisions," Falkenthal said. "Business intelligence applications are a likely target for malicious attack from hackers, disgruntled employees or others. Such attacks probably occur, but it may not be in a companys interest to let us know about it because news about potential tampering with data utilized for business decisions could have material effects on the firms." Falkenthal was also interested in visualization technology. The key is not the amount of information that can be collected from sensors, user inputs or other data sources, but how to make it useful, especially in tactical environments. Visualization technology is important to medical services, law enforcement and the military, for example, because they have a limited time to make decisions. What cant be done with current technology, as far as Falkenthal could discern, is to come up with automated tools to intelligently handle complex real-time data. "Now, even when people are presented with visual data, if its the wrong data presented, we can reach the wrong conclusion," he said. "Tools are needed to process a lot of data and take some burden off users. Essentially, to do a smart push of important data that the user doesnt yet know he or she needs. For the most part, its still garbage in, garbage out, but visualization tools may help." Falkenthal wasnt talking about data cleansing, per se, where records are combed through to eliminate name spelling variants, for example. He was talking about incorrect data correlations. He didnt give me any specific examples, but I can imagine plenty of scenarios where you dont want police officers or airport security personnel to jump to the wrong conclusions because of incorrect data correlation. "An interdisciplinary approach involving technology, economics, organizational and policy perspectives is needed to correlate data of this nature, because these systems are too complex to analyze or design using traditional systems engineering approaches," he said. Research in this area is new, but he pointed me to universities such as MITs Engineering Systems Division or to companies and research labs that are really thinking about the future. "Embedded BI, visualization, decision-centric tools, real-time decision-making and business process automation are all necessary to empower the end user in what we call the extended collaborative enterprise," he said. "This is all about pushing out power to the edgeto the end-user." Interesting. I didnt have the opportunity to follow up with IDC analysts about this security issue, but theres always tomorrow. Check out eWEEK.coms for the latest database news, reviews and analysis.
Specifically, why doesnt anybody talk about security around all this extremely sensitive information in BI?