Data Security: 4 Most Important Questions to Ask Any Ag-Tech Provider

Data security breach. Cyber attack. Data security. We see these and other related words in our newspapers on a regular basis and we’ve all seen the implications a data security breach carries for both a software provider and its users. It’s no surprise then that a growing number of people ask us about Agworld’s data security policies and practices when evaluating systems for their farm or agronomy business.

As Chief Technology Officer of Agworld, I deal with data security on a daily basis and know exactly what to look for, and which questions to ask, when considering a system that will contain any kind of farm or agronomy data. In order to help those who are currently evaluating systems, I have listed the four most important questions to ask any provider. These are all simple questions and the answers you receive should be straightforward; if they’re not, that will tell you enough.

1. Hosting and infrastructure

Is a redundant data hosting structure in place and is your data hosting scalable? 

The hosting and infrastructure situation of any data platform is critical. All data should be redundantly hosted in multiple data centers, and hosting needs to be scalable based on user load.

Redundant hosting in geographically separated data centers ensures service continuity in the case of one data center having complete failure, for example in the case of a localized incident.

Hosting scalability is important to guarantee service during seasonal demand peaks (when most agronomists perform their pre-season planning at the same time, for example) and when a significant number of new clients are onboarded. It’s not uncommon for this to cause regular outages with some providers.

2. Data recovery and security

Is a best-practice system in place around data recovery and security, and do you have a dedicated team responsible for service reliability and security?

Some of the best practices you should be looking for:

  • Access to production servers should be limited to only those who require access. (Concept of least privilege)
  • Development and production servers should be hosted in independent networks, so servers in one area cannot communicate with those in the other.
  • All data communication between the data center’s isolated networks and the internet should be encrypted.
  • Regular data backups should be created to protect against data loss from failures.

Data recovery and security should never be an afterthought or someone’s Friday-afternoon job. It’s a critically important component of any technology service provider and as such deserves a dedicated team that is responsible.

3. Authentication 

Is a robust authentication and authorization solution in place for users? Is Two-Factor Authentication and Single Sign On in place for administrators?

Authentication and authorization should be provided by an industry leading security specialist integrated into a platform or software; “home-made solutions” simply don’t cut it anymore in today’s environment. The ability to authenticate and authorize users and prevent unauthorized access is critical to maintain data privacy.

How a provider’s administrators are able to access the back-end of systems is probably more important than you think. You only have to think about the recent attack on Twitter, which saw a number of high-profile accounts getting hacked, to realize how critical this is. Administrator access should always be protected by Two-Factor Authentication and Single Sign On at a minimum. Remember: if an administrator’s account is compromised, your data is compromised too!

4. Penetration testing

Is a system in place for regular penetration testing to highlight any vulnerabilities?

No matter how good systems and procedures are, vulnerabilities can always exist where they are least expected. In order to highlight any security vulnerabilities rapidly and get them fixed as soon as possible, any ag-tech provider should perform at least annual penetration testing by an external provider.

Looking for Signs

I hope the four standard questions above will help you make the best possible ag-tech adoption decision for your business. And don’t forget, there are often some very simple signs to look for that will tell you all you need:

  • Any ag-tech provider should have a standard document they can send you at a moment’s notice with these and many other data security questions answered.
  • If a company does not want to answer these questions, this should be a big red flag for you.
  • A very small company that only employs a few people will often not have a dedicated data security team and is not focused on this topic — with a lot of inherent risks.
  • For new start-ups it’s easy to focus just on “developing features” and data security can become an afterthought; data will inherently be compromised at some point. This lack of focus on data security is not the case for every start-up, but it is something to check and make sure if you consider using their services.

If you have any questions about data security and the topics I have touched on in this article, or if you would like to find out how Agworld handles data security, please don’t hesitate to reach out to me at [email protected].

Leave a Reply

Anonymous Farmer but asked to have all sorts of social media says:

What I don’t see listed, and strongly should be listed, is who my data is being shared with. I would adamantly not want my data shared with any party. It’s my personal business information and I should know if they currently are sharing, plan to share and should be contacted if they are asked to share. In reality, I don’t want any of my harvest data available to anyone else.

Most of the issues you raised are routinely handled by AWS, Google, and MS Azure where almost all AgTech providers store and process data. In today’s world, very few providers still employ on-premise servers or architecture. While your four questions are important, it is likely that most providers can answer by providing a URL to the security practices of their cloud service.