Data Resource Management (DRM) refers to the process that is followed to collect, analyse, store, and protect the data sets that are associated with a particular business or an organization. In the present era, the data needs and requirements for the business organizations have increased. It is because there are various data sources that are now involved and the data sets are extracted from all of these sources. There are DRM tools that are used by the firms to automate the process of data administration and management. However, there are issues that emerge with the processes carried out under DRM. Accessibility, organization, implementation, security, and compliance are some of the issues that the organizations usually face.
Overview of the Business Issue
The case study that is selected is of higher educational institutions (HEIs) in Malaysia. There are massive clusters of data sets that are involved with these institutions. There are implementation issues that these businesses are currently facing. Acceptance of Big Data as a DRM tool is one of the primary challenges that the management is facing. The users are still not aware of the benefits that the tools and techniques are capable of providing to their business which is leading to retention to implement these tools. The organization of the data sets is poor which results in the inability to access the data sets adequately (Hanapiyah, Wan Hanafi & Daud, 2018). Expert knowledge and skills are often required with the DRM tools to ensure that the organization and management of the data sets is adequately done. The HEIs in Malaysia are composed of different departments and sections. These departments have emerged as the barriers in implementation of the DRM tools.
The research approach that is used to understand the educational institutions that the organizations are currently facing and to provide them with the countermeasures will be done using qualitative and exploratory research methods. In this approach, an exploration of the DRM issues will be done by collecting the data sets through the data gathering methods as interviews, observations, domain analysis, and brainstorming (Isaacs, 2014). The data sets gathered will then be analysed to gain an in-depth understanding of the DRM issues and to propose the countermeasures. Cloud computing is a technology that has been suggested to overcome and resolve the issues.
The primary data resource management issue that usually comes up at the time of implementation is privacy and accessibility of the information and data sets. When a DRM tool is applied on the data sets, the results are required to be shared with the associated parties. For instance, in the case of HEIs of Malaysia, the details about various courses being offered, academic details of the students, faculty information, educational trends, etc. will be shared with the administrative staff members, faculty, students, and other parties involved. An institute may not wish to share the results upon Big Data Analytics with the specific parties at particular instances (Almeida & Calistru, 2013). There may also be scenarios wherein access rights and permissions may be required to be controlled till a specified time period. However, privacy, security, and accessibility are one of the major issues that may appear.
It is not easy to manage the massive clusters of the data sets. There are structured, semi-structured, and unstructured data sets that are involved and it is not easy to organize and manage such huge sets of data. The volume of these data sets is scaling faster as compared to the rise of computing resources. This may bring up an issue of the management of the data sets.
The use of DRM tools of varied structures may bring up issue of uncertainty in the process of data management. For instance, the cloud computing tools that are used come with the varied cloud models as Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). The use and involvement of these cloud models may behave differently in different environments. Similarly, there are varied databases that are available on the cloud. One of the popular set of databases is NoSQL databases. These are the ones that do not require SQL queries for storing, retrieving, and managing the data sets. The wide range of tools, platforms, algorithms, and methods may lead to increased uncertainty in data resource management (Reddy, 2016).
There are security risks and concerns that may appear for the data sets to be managed using the DRM tools. The cloud computing tools that may be used will be exposed to a variety of security risks and attacks. For instance, there may be breaching of the data sets that may occur on the cloud. There will be a lot of data that will be associated with the educational institutions. Some of these data sets may be critical while others may be non-critical. There will also be public, sensitive, and private sets of data that will be involved. The use of cloud computing for data resource management will require the data to be shared and transmitted over the network (Majhi & Shial, 2015). The attackers may breach these data sets and extract the sensitive and critical information from the cloud. There may also be scenarios wherein data properties or contents may be altered or some of the data may be re-directed to an incorrect destination. Such issues will bring up the problem of data loss, data leakage, and data manipulation.
The use of cloud computing and Big Data tools will also require several tools in the form of software, hardware, and networking tools. These will enhance the number of access points. Some of these access points may not have the required degree of security and control. The attackers may misuse this vulnerability and may give shape to the malware attacks. There are various forms of malware that may be launched on the DRM tools selected for HEIs. One such malware is ransomware. The attackers may launch the malware which will block the access of the user to the system and all of the files and contents stored in the system. For example, if the malware is launched on the cloud-based DRM tool for an institute, the faculty members and the students will not be able to access the course details and the academic information (Ismail, 2011). They will be asked to pay a ransom to unlock the system and the ransom would be in the form of a cryptocurrency. The attacker may or may not provide the students and members of the staff with the access to the systems even after the payment of the ransom. There may also be spyware malware that may be launched on the systems. It will be a malicious code that will be launched in the system and it will keep a track of all the user activities and actions. It will spy upon the actions and may capture the sensitive details.
The DRM tools that will be used designed using cloud computing as the primary technology will be exposed to a number of network-based attacks. This is because the networks will be a primary threat agent. The users may choose to access the system on public or private cloud. Public clouds are exposed to higher probability of the network-based attacks. For instance, there may be flooding attacks that may be launched by the attackers. In these attacks, the cloud networks will be flooded with unwanted data sets. These data sets may deteriorate the speed of the connections and may gradually lead to the situation of a service breakdown. These will be the denial of service attacks (Pakath, 2015). The other forms of flooding attacks may be distributed denial of service attacks, SYN flooding attacks, HTTP flooding attacks, and many more. The other network based attacks may include the network eavesdropping and man in the middle attacks. These will be the issues in which an attacker may sit on the network channels. For instance, if a faculty member may try to upload the student results on the portal of the institute by extracting the details for the cloud-based database, then the attacker may sit between the client and the server. The network activities and the information sets will be monitored without the due access to do so. This would result in the exposure of the information to the unauthorized parties.
Injection attacks are also common with the cloud computing and Big Data tools that are used for data management and administration. This is because there are one or multiple databases that are involved. These databases are exposed to injection attacks, such as SQL injection attacks, XML injection attacks, and cross site scripting attacks. In such attacks, an attacker may utilize malicious queries to extract the unauthorized data sets from the database. Another type of database does not involve SQL is NoSQL database (Singh, Powles, Pasquier & Bacon, 2015). These are the ones that do not require SQL queries for storing, retrieving, and managing the data sets. However, these databases come with their own administration and management problem. The wide range of tools, platforms, algorithms, and methods may lead to increased uncertainty in data resource management.
There may also be issues of device-based security and privacy issues that may come up. The users of HEIs will access the DRM tools and methods on a variety of mobile and desktop devices. The mobile devices are at a higher risk of getting lost or being stolen. The loss of a mobile device, such as a Smartphone or a tablet will lead to the exposure of the information sets to the unauthorized parties. The users may also forget their Smartphones at a particular location or it may fall out of their bags or pockets possessing a severe security concern (An, Zaaba & Samsudin, 2016).
Another primary DRM issue that the HEIs may face will be in terms of controlling the access and permissions. There will be several users that will be utilizing the tools in terms of the staff members of the educational institute, associated students and learners, management & administration, and many more. It will not be feasible to provide generalized access rights to all the user types. It is because one of the user types will not be authorized to view or modify the specific information types (Aruna, 2017). For instance, the demographic details of the student shall be allowed to be modified only by the information owner. Similarly, the grades of the students shall be visible and allowed to be modified by the faculty member only before they are published on the portal. Controlling the access and permissions will be necessary. However, it is an issue that comes up with the use of DRM tools because of the presence of huge number of users.
The literature review has showcased some of the primary concerns that are associated with Data Resource Management in an organization. The primary issue for HEIs in Malaysia will be the security, privacy, and accessibility of the data sets with the involvement of the DRM tools.
The cloud computing tools that may be used will be exposed to a variety of security risks and attacks. For instance, there may be breaching of the data sets that may occur on the cloud. There may also be scenarios wherein data properties or contents may be altered or some of the data may be re-directed to an incorrect destination. Such issues will bring up the problem of data loss, data leakage, and data manipulation. The attackers may misuse the security vulnerabilities and may give shape to the malware attacks. There are various forms of malware that may be launched on the DRM tools selected for HEIs. These include ransomware, spyware, viruses, Trojan horses, adware, worms, and Logic Bombs. There may be flooding attacks that may be launched by the attackers. In these attacks, the cloud networks will be flooded with unwanted data sets. These data sets may deteriorate the speed of the connections and may gradually lead to the situation of a service breakdown. The other network based attacks may include the network eavesdropping and man in the middle attacks. These will be the issues in which an attacker may sit on the network channels and gain unauthorized access to the information sets. The cloud-based databases will be exposed to injection attacks, such as SQL injection attacks, XML injection attacks, and cross site scripting attacks. Device-based issues and attacks may also come up.
There are certain control and countermeasures that are available and shall be used and integrated with the DRM tools to make sure that the security and privacy attacks do not come up.
- The issues of data breaches, data loss, leakage, and manipulation can be controlled with the use of role-based and attribute-based access control measures. These measures will provide the users with the access to the specific modules of the databases and services and the identity will be identified as per the user role. The accessibility and control of the permissions will be done in a better manner. The advanced access control mechanisms will reduce the attacking window and it will not be easy for the attackers to violate the control measures. There shall also be use of multi-fold authentication that must be done. The users may choose to put weak passwords in their credentials which may lead to easier occurrence of the attacks. The choice of strong passwords and use of combination of more than one authentication measure will enhance the privacy and security of the attacks.
- There are automated tools and packages that have been developed and shall be used with the DRM tools to control the security issues. Anti-malware and anti-denial tools are two such tools that shall be used. These tools will make sure that the malware attacks including the ransomware attacks are detected timely and are prevented. The denial of service and other forms of the flooding attacks will also be controlled using these tools. There are also automated network recorders and analysers that have been created that shall be used and implemented with the DRM tools.
- Encryption of the data sets is another significant security step that will be required to be taken by the HEIs of Malaysia. This will ensure that the data sets are protected. Even in the case of a security attack, the privacy of the data sets will be maintained. In this security control, the data sets will be converted to their cipher forms. The transmission and sharing of the information will keep the data sets in its cipher form (Huang, Ma, Yang, Fu & Niu, 2013). The receiver will be able to view the contents only upon using a security key to decrypt the data sets.
- The devices of the users will be required to be protected and the devices must be installed with a device tracker. This will allow the users to track their device in case of the device loss.
- There are several security and privacy concerns that may be avoided with the increased user awareness. The users will be required to be made aware of the security practices that they shall adopt. For instance, the users may select and put a weak password, such as their name for accessing the account. The users must be informed about the ease that it may provide the attackers to access their account. The users associated with the DRM tools may not be technically strong or may not have specific skills to understand the security loopholes that they may create (Sun, Zhang, Xiong & Zhu, 2014). Therefore, it would be essential to educate the users about the security controls and tools.
- There are administrative checks and controls that will also play a significant role in the security of the data sets. These shall include security audits and reviews along with security updates management to ensure that the security risks are avoided. The patches will be installed and the security vulnerabilities will be avoided. The other loopholes will also be identified in the review and audits which will make it easier to overcome the challenges.
The HEIs in Malaysia are currently suffering from the data resource management issues. The current DRM issues primarily include Cloud Computing and Big Data as the primary set of technologies. There are specific issues associated with these technologies. One of the primary concerns that is associated with each is in the form of security risks and attacks. HEIs are required to manage varied categories of information, such as the details about various courses being offered, academic details of the students, faculty information, educational trends, etc. These will be shared with the administrative staff members, faculty, students, and other parties involved. The sharing and transmission of information along with the information at rest may be exposed to various security attacks. There are technical and administrative controls along with certain security practices that are present that shall be used to avoid these issues. The avoidance of the issues will allow the HEIs to effectively administer and manage their data sets.
Suggestions for Future Work
It is suggested that the other technologies that may be used for DRM are also explored. Internet of Things (IoT) is one of the technologies that shall be explored to understand the features, benefits, and concerns associated with the same. Artificial Intelligence is also being used for several business functions and operations. It may be used for data management as well. These technologies and their role in data resource management shall be explored.
The case study that is selected is of higher educational institutions (HEIs) in Malaysia. There are massive clusters of data sets that are involved with these institutions. There are implementation issues that these businesses are currently facing. The primary data resource management issue that usually comes up at the time of implementation is privacy and accessibility of the information and data sets. There are security concerns in the form of malware attacks, flooding attacks, data breaches, data manipulation issues, data loss, data leakage, etc. that may also emerge. There are certain control and countermeasures that are available and shall be used and integrated with the DRM tools to make sure that the security and privacy attacks do not come up and the benefits out of cloud computing and other DRM tools are gained.
Almeida, F., & Calistru, C. (2013). The main challenges and issues of big data management. International Journal Of Research Studies In Computing, 2(1). doi: 10.5861/ijrsc.2012.209
An, Y., Zaaba, Z., & Samsudin, N. (2016). Reviews on Security Issues and Challenges in Cloud Computing. IOP Conference Series: Materials Science And Engineering, 160, 012106. doi: 10.1088/1757-899x/160/1/012106
Aruna, D. (2017). Cloud Computing Security Challenges and Risks. International Journal For Research In Applied Science And Engineering Technology, V(XI), 1635-1641. doi: 10.22214/ijraset.2017.11234
Hanapiyah, Z., Wan Hanafi, W., & Daud, S. (2018). ISSUES, CHALLENGES AND OPPORTUNITIES OF BIG DATA MANAGEMENT IN HIGHER EDUCATION INSTITUTIONS IN MALAYSIA. Indian Journal Of Science And Technology, 11(4), 1-6. doi: 10.17485/ijst/2018/v11i4/121088
Huang, Q., Ma, Z., Yang, Y., Fu, J., & Niu, X. (2013). Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing. The Journal Of China Universities Of Posts And Telecommunications, 20(6), 88-95. doi: 10.1016/s1005-8885(13)60113-2
Isaacs, A. (2014). An overview of qualitative research methodology for public health researchers. International Journal Of Medicine And Public Health, 4(4), 318. doi: 10.4103/2230-8598.144055
Ismail, N. (2011). Cursing the Cloud (or) Controlling the Cloud?. Computer Law & Security Review, 27(3), 250-257. doi: 10.1016/j.clsr.2011.03.005
Majhi, S., & Shial, G. (2015). Challenges in Big Data Cloud Computing And Future Research Prospects: A Review. The Smart Computing Review. doi: 10.6029/smartcr.2015.04.010
Pakath, R. (2015). Competing on the Cloud: A Review and Synthesis of Potential Benefits and Possible Pitfalls. Journal Of Organizational Computing And Electronic Commerce, 25(1), 1-27. doi: 10.1080/10919392.2015.990771
Reddy, M. (2016). Big Data and Current Cloud Computing Issues and Challenges. International Journal Of Engineering And Computer Science. doi: 10.18535/ijecs/v5i4.30
Singh, J., Powles, J., Pasquier, T., & Bacon, J. (2015). Data Flow Management and Compliance in Cloud Computing. IEEE Cloud Computing, 2(4), 24-32. doi: 10.1109/mcc.2015.69
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data Security and Privacy in Cloud Computing. International Journal Of Distributed Sensor Networks, 10(7), 190903. doi: 10.1155/2014/190903