BreachExchange mailing list archives
Why you need to control your data supply chain
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 20 Apr 2015 18:21:19 -0600
http://www.infoworld.com/article/2910363/big-data/why-you-need-to-control-your-data-supply-chain.html A year ago, Twitter acquired Gnip, its primary reseller of data. And now, in an unsurprising move, the company is selecting to not renew its contracts with other resellers, driving all business to Gnip. Such vertical integration in the physical world is not unusual. Numerous businesses choose to control their supply and/or distribution chains, sometimes for quality reasons but often for pure financial reasons -- margin increase and costs control. This is all the more true when the product is rare and cannot be procured anywhere else. In the case of Twitter, the product is unarguably rare: very few sources provide such broad insight on the daily life of consumers, their sentiment toward brands, their state of mind. Twitter also provides real-time warning of earthquakes or floods, pandemics, revolutions, and even traffic jams. Some traders have even used it to predict stock trends, with surprising accuracy. Understanding if this applies to you If you are making a living of selling data, you should carefully study this move. You may not have to go as far as acquiring your resellers like Twitter did, but at least understand the value added, and quality of service you are getting from them. I am not saying that all cases will require an actual consolidation -- but you should at least think about it. Doing business with data in the digital world is not dissimilar to doing business with manufactured goods in the digital world. Real-time is just closer to its true meaning, and the marginal cost of replicating the product is close to zero. But you still have consumers, resellers, contracts, a supply chain (except it’s not made of trucks and shipping containers, but of APIs). Figuring out the go-to-market The job of your supply chain is to provide data -- either raw data feeds, or insight. From the business angle, you need to figure out the right go-to-market model. How much commission or rebate do your resellers earn? Who owns the relationship and the contract with the end customer? Do you have the know-how and logistical abilities to handle all this in-house? The second angle is the quality of service. Is the reseller providing reliable, scalable access to your feeds? How secure is the delivery process? In the physical world, access to warehouses is restricted, and trucks are locked. Your data feeds need to be similarly secured. Protecting from data theft Naturally, you want to protect your digital delivery mechanism from data theft. I am not talking about sophisticated hacking -- unfortunately this is very hard to prevent. But simple measures, such as providing individual API credentials to each user, limiting call rates to prevent recursive bots, will go a long way toward ensuring that only authorized users will have access to the data you are selling to them. Key to the future of your data business There is a huge difference between doing business with an end-client and a reseller. In a world where duplicating the goods or transforming them further require no effort, you want to be extra careful about the rights you grant to each of your clients. Because the future of your data business depends on it. And this is exactly why Twitter is regaining control of their own supply chain.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Why you need to control your data supply chain Audrey McNeil (Apr 27)