Security expert Fredrik Söderblom at XPD often works with customers to take stock of what data they have that needs to be protected. He sees MetaSolutions’ EntryScape platform as a promising tool for keeping track of the identified data sets. The fact that it will be easy to publish the datasets that are suitable as open data is a bonus.
It cannot have escaped anyone’s notice that cybersecurity, or IT security, has emerged as one of the most important priority areas for all governments, businesses and organizations. Securing technology assets and data poses significant challenges. The first step is to determine what needs to be protected.
What data do we have, where is it located, is it sensitive, and who owns it? Without this knowledge, it is not possible to approach security in a rational and systematic way.
Read also: Open data facilitates the development of AI
Fredrik Söderblom, CEO and founder of the security company XPD, has worked with IT and information security for more than 30 years. Founded in 2002, XPD is a consulting company with seven employees. Its clients include government agencies, banks and hospitals. A recurring theme in the company’s projects is that clients have poor control over the resources they need to protect.
– We conduct regular audits to take stock of what resources, including data sets, are worth protecting. It is often unclear whether customers’ records should be public or private, says Fredrik.
Living metadata with EntryScape
In his search for a tool to manage the information generated during audits, Fredrik Söderblom came across MetaSolutions’ EntryScape platform.
– EntryScape looks promising as a tool for cataloging records and especially for keeping such lists alive. We are looking forward to using EntryScape in customer projects, says Fredrik Söderblom.
Do you want to get started with open data? Click here.
Organizations are constantly adding new records. Existing records change and sometimes disappear. When lists are managed with tools such as Microsoft Excel or other spreadsheet programs, they can easily become outdated.
– EntryScape provides a central and accessible location for information about what records exist, with metadata describing properties that are important from a security perspective. This improves the quality of security work, says Fredrik Söderblom.
Once open data – always open data
An important activity during the audits that XPD conducts is to determine whether data sets should be public or private. This is an important decision point in terms of how the datasets should be secured. Simply put, more stringent security is required for closed datasets that are internal.
Maintaining information about the status of records, whether private or public, is a challenge. This can easily result in employees who receive requests to release data having to re-verify the status, even though it has been set once. One way to avoid this extra work is to classify a record as open when appropriate. Once open, it is always open until otherwise decided. When a dataset is open, its data can be published and shared.
Read more: Four steps to get started with open data
When a platform like EntryScape is used to classify information and data, it is a short step to using it to publish open data. When data sets are available as open data, for example on the Swedish Data Portal, even more work is avoided in finding and distributing requested data sets, which costs a lot of money.
Central data catalogs are key
In the long run, a platform like EntryScape can also help facilitate the technical integration needed to secure data. Currently, many organizations use many different security tools that need access to the same data, but often have their own way of managing data about protected assets. A central data source with information about resources should make this easier. Fredrik Söderblom says that most organizations are not there yet:
– Today, different security activities are often separated from each other, he explains.
– This is not the main purpose, but EntryScape can already be a central resource to facilitate mapping and technical integration between security solutions. The ability to work in central catalogs to describe and manage records, APIs and documents greatly facilitates the necessary security work. It is not possible to protect records if you do not know that they exist and where they exist, concludes Fredrik Söderblom.