Today I was going through airport security with my wife. I got randomly selected for a screening, which consisted of wiping my hands with a cottonish fabric and sending it through the scanner that detects explosives or something like that. After the screening, I commented to my wife, “so don’t all the terrorists know to not go to the gun range or handle their explosives within 24 hours of going to the airport? It seems to me that this particular screen is really not a deterrent. Any half intelligent terrorist worth their salt has got to have investigated TSA, right? ((if I end up on some FBI watch list for this post, I’ll be both highly amused and highly irritated at the same time))
I’ve been trying to figure this out for ages. You see, the problem is that even if you have stricter limits on access to fields and tables in your security setup, even if you limit the number of users to sensitive information, you should not assume that your data is any more secure from unauthorized sources. All you have done is make it harder to access. Now, I’m not saying that making it harder to access is not a worthwhile exercise. It is. But let’s be honest with ourselves. Harder was not the goal. Impossible was.
Pretty much every reporting engine in the world allows you or the user to somehow download the data. Before we lay blame on the vendors, let’s realize that it’s our own fault – we placed it as a requirement in every single RFP, or we “ooh’d” and “aah’d” when they demo’d how easy it was to download to MS Excel. Either way, we lose all control over data security once data is downloaded by the user. Privacy controls are voided, confidentiality issues arise, and we have no idea where the data ends up. Not that this is all our fault either. People who have security access to compensation data for example should know better than to email that stuff around.
There are a couple of nice solutions though, but I’m not sure how perfect anything is since at some point most of our organizations need to have data stored or downloaded. We could of course disable downloading, and every manager, finance person and HR practitioner would just have to pull up a dashboard and view the data in real time. Right… At the same time, I’ve been advocating that all HR decisions are based in facts and data, and I can envision a world where meetings get really dull when we gather executives around the table but were not able to prepare decks full of analytics beforehand.
Here are a few things you can do to improve your reporting data security:
- Make sure managers are certified and trained regarding their data responsibilities when they become managers and every year.
- Review your security access periodically to make sure sensitive data is being accessed by the right roles – some roles may no longer need the permissions over time.
- Build a prominent warning at the top of reports when data is loaded to ensure that dissemination of sensitive data is a breach of security.
- Scrub your reports frequently – you may find old reports that are run with sensitive data that is not necessary based on the purpose of the report.
This is just one of those problems I keep grappling with. We keep giving managers and non-HR functions access to more data – I do believe the business requires it. We want everyone to be able to make decisions in real time, but we don’t trust our partners fully either. I’m also completely uncomfortable giving up and going with the idea that some data is just going to slip through or saying that it’s just a change management problem. Anyone have any thoughts about what they have done? Please ping me.