Subscribe

Allaying metadata fears

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 03 Sept 2014
Metadata is data about data, says Gareth Tudor, CEO of Altonet.
Metadata is data about data, says Gareth Tudor, CEO of Altonet.

There are unfounded fears in the industry that metadata could be a security risk, giving hosted and outsourced storage providers inappropriate access to sensitive data.

So says Gareth Tudor, CEO of Web hosting and data networking company Altonet, who defines metadata as data about data. "It tells us who authored a document, when, what the document contains and where the file 'fits' in relation to other data."

According to Tudor, metadata has become an important tool for enterprises because it is a key enabler of data storage, retrieval and/or restoration - vital requirements for any business in this era of exponential data growth.

However, he argues that just because the metadata can be read does not mean that the underlying data is available for reading. "Any simple encryption tool should protect the underlying data," says Tudor. "Furthermore, when data is backed up, it should be done over a secure connection with the data itself being encrypted and compressed before being stored on appliances or in a database."

The metadata is used by the back-end system to catalogue the backup, identifying and classifying the information being backed up, Tudor explains. "Just like the ISBN number of a book, which may tell us about the book but it does not expose the contents of the book, metadata acts as a list of contents (file and directory names, file sizes and file types) for the storage solution or service provider - it is not the actual data itself."

According to Tudor, there are also many layers of security around backed up company data. "It is usually stored within an environment accessible only to the customer organisation. Metadata may be requested by a client organisation user, but is usually only made available once the user has been authenticated and the connection - usually a secure socket layer or SSL connection - is verified to be from a legitimate user."

He points out that SSL provides protection against masquerading and eavesdropping. If data packets are sent to the user, they are likely to be encrypted, with SSL ensuring that no data modification occurs.

"Metadata is useful. It is important and it needs to be safeguarded. However, it is merely an identifier. The right authorisation and security clearance is needed to access the data itself. While general users are unlikely to ever have to deal with metadata outside of a search for documents, it is beneficial to be aware of how important this data can be for backup and retrieval of files."

Greg Milliken, VP of marketing at enterprise content management solutions provider M-Files, says metadata is playing an increasingly pivotal role in the ability for organisations to effectively organise, manage and process the massive amount of information (big data) that resides within their various applications and platforms.

Metadata also helps in dealing with compliance issues as it can help determine which users should, and perhaps shouldn't, have access to various documents, and shows when certain employees accessed documents, he notes.

He says in the era of big data where organisations are amassing large and disconnected document and data repositories, metadata serves as the bridge that connects a company's structured data (information within ERP, CRM and other database applications) with its unstructured content (Word documents, Excel files, PDFs, photos, videos, etc), which results in a powerful and more effective way to access, organise and track large amounts of business information.

Share