Balancing data security versus data access for authorized users is a constant challenge. By increasing the number and range of security checks to authenticate customer access, are organizations making it more difficult for legitimate customers to access their accounts and subtly moving the balance of responsibility for data security to their customers?
A number of banks issue customers with a keypad (Figure 1) to generate a secure key passcode that replaces one level of password access to customer accounts. This provides two-factor authentication by requiring the customer to know specific details of their account (their username and an answer to a security question) and to be in possession of their keypad (and know the code to access the secure key keypad). Two-factor authentication is claimed to have reduced fraud, although there are also well-documented cases of hackers getting around the additional security. However, the keypads also impose an additional barrier hindering the ability of authorized customers to access their customer data.
Secure key keypads claim to be portable (that is, small) and are therefore difficult to use, not just by the elderly or users who are registered disabled; anyone without perfect eyesight and nimble dexterity may find themselves at war with the keypad. Authorized users are therefore being prevented from accessing their data and gaining access to their finances.
IT has changed how customers manage their finances, changing customer behaviour and changing customer expectations about how to access personal financial data. A lack of access to online accounts can cause significant inconvenience. Online banking has also introduced new challenges for the unscrupulous to overcome in order to gain unauthorized access to data. IT initiates transformative change in organizations and in wider society; the IT industry therefore needs to take responsibility for the negative as well as the positive impacts of technology-led change.
Wider data access increases the opportunities available to attempt to gain unauthorized access to data. This requires additional barriers to be erected to protect data, but the barriers also hinder legitimate data access. Two-factor authentication slows down and hinders access to data (perhaps being a greater hindrance to legitimate authorized users than to unauthorized users) as customers are increasingly required to become responsible for data security.
Proving identity in a faceless online community is challenging and requires the number of authentication factors to increase, which in turn increases the responsibility of authorized users to prove themselves. Collection, storage and access to data are facilitated by IT; however, the socio-technical issues of transformative change also need to be understood within an information management context in order to balance data security versus data access.
Further Reading: data security is discussed in Chapter 5, transformative change is discussed in Chapter 1 and technology-led change is discussed in Chapter 13.
Please use the following to reference this blog post in your own work:
Cox, S. A., (2014), ‘Data Security versus Data Access’, 4 July 2014, http://www.managinginformation.org/data-security-versus-data-access/, [Date accessed: dd:mm:yy]