I went to a very informative presentation last night by Professor Mark Ryan of Birmingham University. He is a specialist in computer security and the pitfalls of different approaches to computer architecture. It was a thought provoking presentation, particularly Mark’s views that a lot of current computer security issues stem from a potentially misguided desire by Microsoft to make platforms open and to allow automation of tasks.

The way these approaches have been applied coupled with the monoculture world of MS Windows/Internet Explorer/MS Office provides a large easy target for people intent on malicious exploits of computers. The fact that users now are repeatedly (particularly with Vista) faced with questions such as “Are you sure you want to run…” when they are using their computers puts a large burden on users to understand and decide whether an action is safe or not. For less computer literate users this can be particularly off putting and is likely to increase the vulnerability of computers.

A view was presented that Google Chrome OS is likely to be a far more secure environment, as key decisions about enforcing security will be controlled by Google with users ‘just’ using the OS. I think this also applies to SaaS offerings such as Salesforce.com. There are separate long term concerns about privacy (through other parties holding your data), but we will not go into that now.

So what are the similarities with data quality?

  • Many of the issues around computer security do not have direct parallels with data quality (e.g. worms and Denial of Service attacks), however, data quality may be compromised as a result of security issues
  • You would hope that malicious attempts to corrupt data as a part of normal business processes would be unlikely to occur in normal circumstances
  • The  parallel to an open computing platform allowing user changes results in applications such as Excel – very powerful tools if used correctly, but often a source of data duplication and quality issues
  • Many security exploits rely on the fallibility of humans, as stated  in a previous post data quality issues typically have root causes of human fallibility
  • If a closed and controlled environment (such as Google Chrome OS) reduces the risk of security exploits, then a similar approach with data (such as ERP systems, finance and HR applications etc.) should also reduce the risk of data quality issues arising, which, arguably, they do to a certain extent
  • The success of Google Chrome OS will be down to whether it provides users with the functionality they require with suitable usability. Similarly, for large corporate systems, if they are user friendly and provide the functionality that users require, then they will be succesful in minimising data quality issues
  • Arguably, the success of SalesForce.com against more traditional CRM models provides a good example of succeful functionality and usability
  • Mark suggested that whilst a closed environment would be suitable for most ‘normal’ users – developers and other techies will still require more open and adaptable systems. Similarly, in a business environment, power users require more powerful facilities and tools, such as Business Intelligence and development tools, to generate new insight from existing data

There are probably more parallels and differences, but the sample above may illustrate some parallels between the two fields.

Should Google consider developing a Google ERP after Google Chrome?

Tagged on:                 

One thought on “Similarities between data quality issues and computer security security approaches?

  • 3rd December 2009 at 12:24 pm
    Permalink

    There are two different requirements here. The first is adapability the other is security and to some extent these have conflicting reqirements.

    Just because a project is open source, does not make it easy to adapt and vice versa. Many opensource projects are written in a monolithic way and are hence not easy to adapt. Like wise something like the Linux Kernel is open source but most people would not have the skills to change or improve this.

    Contrast this with something like Excel or Maya, closed source projects which many people have extended and adapted using scripting or other add-ins.

    For the security analysis, simpler, non modular applications would be easier to check. Having the source code may help with checking security but it’s not the only way to test something.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.