Smartly Secure, Securely Smart
Speaking at the sidelines of Netapp’s Secure Cities Dialogue event in Singapore, Netapp’s East Asia Managing Director and VP, Krishna Arani said, “(Storage) always has to think of data even when not being used ….ensure that data is controlled and moved to where it needs to be.”
Data Fabric is one technology that addresses key issues in newer data protection issues, like vendor lock-in. Then there is also Netapp Private Storage for cloud (NPS) that enables companies to take advantage of data that is not in the cloud.
Service providers like Korea Telekom can host an Amazon data centre alongside the NPS cloud for example, with the NPS having all the benefits of private, dedicated storage.
But, building a smart city requires more than just technology to maintain data integrity and privacy.
More than tech
Netapp’s APAC President Rick Scurfield said, “Smart cities is about partnerships and policies, it’s not just a tech question or tech solution.”
Case in point is the hundreds of millions of dollars the Canadian government wasted when they built a big data centre for their federal IT organisation. It violated sovereignty compliance because Canadian citizens’ data were being routed through data centres outside of the country.
Netapp’s Chief Privacy Officer, Sheila FitzPatrick pointed out that Netapp is a tech company that also complies with privacy law. “We don’t think of privacy as an afterthought. Data can be your greatest asset and detriment. If you only think of a tech solution (to data privacy), it doesn’t do you good to encrypt data you shouldn’t be collecting in the first place.”
Smart city conundrum
Smart cities come with a unique set of problems. For it to work, it needs data and lots of it.
Basically, it could lead to collection of personal data at greater rate, unknown usage of personal data by unknown parties, cybersecurity attacks, increasing data privacy laws and risk of non-compliance, new technology driving need for greater attention to potential risks and lack of transparency.
If there was a cyberattack, to what extent is a company allowed to report it, if at all? What is the data that can or can’t be collected, and many more concerns.
FitzPatrick shares best practices that can help mitigate the risks in a smart city environment. For example:
- Governance, risk and compliance
- Practicing proactive data privacy
- Doing an impact assessment
- Classifying data and managing access to data
- Defining the data ownership controller-processor roles and ensuring there is shared joint liability.
- Vet partner providers
- Doing a security assessment