Data Protection Starts from the Core

6/12/2018

By Teemu Väre

Today, a big number of businesses have most of their value tied to the data they possess instead of physical assets like premises. That creates a need to preserve the data from unauthorized access or a loss. Actually, data protection is nothing new but what has changed the most during the last decade are potential consequences of a single incident, especially regarding sensitive and often personal data. If realized, this can dramatically affect your business for years or even worse, destroy the business completely. All of this only for often poorly designed data protection.

In the past world, utilities used to do everything by themselves from strategic planning to customer service and field work. Nowadays, there is an increased trend to focus only on the key functions and let the rest be handled by external players with suitable core competence. However, the networked operation environment through partnerships and contractor agreements requires careful consideration of also data privacy issues, since personal data can’t be disclosed freely between companies acting in the same partner network.

We, in Trimble, have put more and more effort on actions strengthening both data protection and data privacy in our solutions, that is, data privacy issues from a legal aspect as opposed to data protection which is always technically oriented. Evidently, those actions are easier to implement when mechanisms of data protection and data privacy can be built together with the application logic and they are not only added separately afterwards often with technical restrictions leading to incomplete solutions.

The fairly new Utility To Go application is a mobile solution in which a modern approach to data protection and data privacy has been taken right from the beginning, with the crew location sharing as a good real world example. Who is allowed to see other’s locations and when? Basic principle in Utility To Go is that each field crew is able to control when the application sends location information to be available for others to view. For example, contractors working in the field for a utility are typically allowed to see only the locations of their own crews, possibly in addition to the ones that are working in their responsibility area. On the contrary, those responsible for operating the network are allowed to see all crew locations. This is closely related to electrical safety which is a highly important aspect in the electricity network operation.

"Evidently, data protection mechanisms are easier to implement when built together with the application logic and not added separately afterwards."

All in all, the location information is one data privacy issue but there are many more alike. Versatile configuration possibilities allows Utility To Go user organizations to set data privacy levels as they like. Information is shared today more than ever between applications and information systems both inside the organization and with external parties. This concerns also the use of personal data. Initiatives like GDPR have, positively said, caused a large-scale social debate and thus people are more conscious of issues related to their personal data. However, this is just a starting point. What matters most is that data protection requirements must also be reflected in the software design and implementation and ultimately in solutions existing in the market. Wouldn't you think so?

Read a White Paper on Web Application Security for Utilities

Understanding what Cyber Security is Built on Holds the Key

What is Cyber Security built on? As a Utility, what kind of questions do you need to ask yourself to define your security risk level? How does a modern web application mitigate cyber attacks?

Security is neither free nor automatic but requires knowledge and effort from both the solution vendor and the utility. Read this white paper on Web Application Security for Utilities to find out the answer to these questions and many more.