What Lessons Can the Ag Industry Learn from the Facebook Data Breach? How to Tell if Your Ag Data is Secure

Today, a seemingly endless amount of ag data flows from growers’ fields into a host of technology platforms. It is top of mind given the Facebook data breach involving Cambridge Analytica that compromised millions of users’ personal information. With all of the data being transmitted in the ag space, it is possible a similar incident could occur in our industry. So how can we be certain our data is secure?

In my talks with growers, I have observed them over-relying on technology providers and implicitly trusting them to secure their data without question. All too often, it is simply a handshake instead of a formalized security program and a detailed understanding of its documented protocols.

But the tides are changing. At the recent Farms.com Precision Agriculture Conference, I spoke with growers about the questions they should be asking technology companies regarding their approaches to data security. I also advised on the answers to look for.

I am so passionate about this topic because we treat security very seriously at Uptake. As an ISO 27001-certified organization, it is paramount in everything we do. Here are the top five considerations you need to know when it comes to the security of your ag data:

1) How is my ag data accessed, and how are user identities authenticated?
Strong data access control should be based on the security requirements of leading industry organizations such as the National Institute of Standards and Technology (NIST). For example, the NIST principle of “least privilege” requires that users receive only the level of access necessary to perform their job functions. Ag data access control should include, but not be limited to, passwords, cryptographic keys, and multi-factor authentication devices. In the physical realm, it should include, but not be limited to, key cards, PINs, biometrics, and 24/7 closed circuit television monitoring.

2) How are my connected ag machines and sensors secured?
Edge devices connect your ag machines in the field to technology providers’ platforms. The most secure edge devices are built upon robust reference frameworks that were developed by both security and Internet of Things experts and have been validated by third-party security assessments. Only authorized users should have access to edge devices and their data. Measures need to be taken to protect against unauthorized device access and the interception of communications between those devices and technology platforms.

3) How is my most sensitive ag data organized and managed? Is it encrypted in the platform? Is my live ag data used in development environments?
To determine the right level of protection, your ag data assets should first be classified before any ingestion takes place. All of your ag data must be classified to provide clear visibility of any potential threats and to maintain highly restricted access to sensitive information. It is imperative that your live ag data is isolated from development and testing environments. Once ingestion of your ag data begins, it should be encrypted both in transit and at rest.

4) How is my ag data protected from falling into the wrong hands? How is it kept from being hacked and how often are vulnerabilities checked for?
Technology providers’ networks should use tiered classification frameworks to ensure the separation of your ag data. Ask if they offer client-protected data enclaves, whether physical or virtual private cloud. Confirm they have a fully hardened security stack that includes endpoint and network threat prevention, application firewalls, and vulnerability scanning. The most effective security stacks offer proactive, continuous attack simulations performed on them by in-house teams to anticipate and mitigate unauthorized access, privilege escalation, and ag data theft.

5) When developers use my ag data to build products, how do they prevent it from being exposed in their code?
In order to safeguard your ag data, security needs to be embedded within the software development lifecycle (SDLC). Doing so allows for code-level security insights while ensuring continuous delivery of software. Within the flow of the SDLC, both static and dynamic code analysis should occur – including process gates to prevent the introduction of any security vulnerabilities into production environments. Developers and anyone else who is able to influence application security should be given comprehensive training tailored to fast-paced development in an Agile framework.

In summation, an industrial-strength security program does not stop there – nor does it sleep. It is continuous, comprehensive, proactive, and relentless. If you are still hungry for knowledge, ask technology providers the following questions:

  • Do you teach your developers how to think and act like hackers for the purposes of testing your platform’s security and identifying any issues before bad actors can?
  • How frequently do you perform code scans of your platform?
  • How frequently do you perform independent security assessments of your platform?
  • Do you have a Bug Bounty Program that engages with the security community to reward the identification of potential vulnerabilities?

If a technology provider cannot provide you with satisfactory answers to all of these questions – or if they attempt to pass the buck to another entity in the connected ag value chain – it is a major red flag. I leave you with a helpful snapshot of what a differentiated and secure SDLC process looks like:

Differentiated-Secure-SDLC-Process-chart

Leave a Reply

One comment on “What Lessons Can the Ag Industry Learn from the Facebook Data Breach? How to Tell if Your Ag Data is Secure

Data Management Stories
Google-Earth-Map-featured-image
Data ManagementRainfall Revisited: Accurate Observations and Beyond
September 18, 2018
As a provider of weather analysis and forecast services to the agricultural industry, one of the most common questions I Read More
Soil-Hand
Data ManagementAre You Using Your Soil to Its Full Potential?
September 14, 2018
Harvest is progressing across most parts of the U.S. and those growers who aren’t already harvesting are gearing up to Read More
Tablet Grower
Data ManagementThe Power of Predictive Analytics in Agriculture
September 5, 2018
Years ago if we would have been told computers, data, and technology would be scattered around every farm there may Read More
AmericasOn The Scene: 2018 Farm Progress Show Wrap Up
September 5, 2018
Former Monsanto President (now Bayer CropScience Chief Operating Office) Brett Begemann’s opening salvo during his first appearance at a Farm Read More
Trending Articles
Soil-Hand
Data ManagementAre You Using Your Soil to Its Full Potential?
September 14, 2018
Harvest is progressing across most parts of the U.S. and those growers who aren’t already harvesting are gearing up to Read More
Grower-Retailer
Imagery/SensingAgtech: 10 Things I Hate About You!
September 4, 2018
Before you get bent out of shape from the title, remember if you’ve read my articles before you know I Read More
Kansas State University
Industry NewsKansas State University, Topcon Form Precision Ag Research Partnership
August 30, 2018
Kansas State University and Topcon Agriculture are collaborating to develop tools and systems to advance precision agriculture and support farmers. Read More
Blockchain building block graphic
Specialty CropsIs Blockchain the Future of Food Safety?
August 24, 2018
When the Internet Protocol Suite (TCP/IP) was standardized in 1982, permitting the worldwide proliferation of interconnected networks and eventually the Read More
WinField’s Joel Wipperfurth On Empowering Data-Driven Decisions
InfoAg ConferenceOne on One with Joel Wipperfurth, Winfield United
August 15, 2018
Winfield United's Joel Wipperfurth discusses ag technology trends and topics during last month’s InfoAg Conference. Read More
Geosys
Industry NewsUrtheCast to Acquire Geosys from Land O’Lakes in $20 Million Deal
August 15, 2018
UrtheCast Corp. and Land O’Lakes, Inc. today announced they have entered a binding term sheet for the purchase of Geosys Read More
Latest News
Business ManagementIvy Tech, Farmers Partner to Help Precision Ag Educatio…
September 20, 2018
Harvest time has taken on a new meaning for some Wabash Valley farmers, and Bobbi Hunt-Kincaid hopes her family’s first Read More
Sensors
Sensors/IoTThe Answer to Agriculture’s Daunting Challenges – Soil …
September 20, 2018
According to the United Nations, 9.6 billion people will live on planet Earth by 2050. Feeding these mouths will require Read More
Google-Earth-Map-featured-image
Data ManagementRainfall Revisited: Accurate Observations and Beyond
September 18, 2018
As a provider of weather analysis and forecast services to the agricultural industry, one of the most common questions I Read More
PenelopeNagel
Business ManagementWhy Is Funding a Challenge for Women-Led Agtech Compani…
September 17, 2018
When it comes to women-led agtech companies the funding discussion never seems to cease. In June after the The New Read More
Mobile Phone in field
Decision Support SoftwareWhy Are 570 Million Farmers Not Yet Using Agricultural …
September 17, 2018
Until recently, using agricultural apps and software was a rare practice among growers. This is now changing. The mass adoption Read More
Soil-Hand
Data ManagementAre You Using Your Soil to Its Full Potential?
September 14, 2018
Harvest is progressing across most parts of the U.S. and those growers who aren’t already harvesting are gearing up to Read More
Grower Services & SolutionsDeere-Granular Collaboration Produces New Profit Maps T…
September 14, 2018
The newest development from the ongoing John Deere-Granular product development and marketing collaboration is Profit Maps, now available to farmers Read More
Wingtra
DronesOpinion: Combining Two Pluses with the WingtraOne UAV
September 13, 2018
For the every-day consumer interested in UAVs, there is an ocean of products from which to choose. This includes the Read More
Farmer-tablet
AsiaShould Agri-Input Manufacturers Outsource E-Commerce to…
September 12, 2018
Editor’s note: Venky Ramachandran is a contributing writer for PrecisionAg.com’s sister site, AgriBusinessGlobal.com. This article was originally published on LinkedIn. Now, Read More
ICON-Link-Licensing_featured-image
Industry NewsValley Irrigation Adds Remote Irrigation Management Opt…
September 11, 2018
Valley Irrigation, an industry leader in smart irrigation solutions, has announced enhancements to its remote management technologies. Multi-Year Licensing In Read More
Reflex-Connect-Agri-Inject-featured-image
Variable Rate ApplicationVariable Rate Fertigation System Expands with Mobile Co…
September 10, 2018
Building on the success of its Reflex Variable Rate Fertigation system, Agri-Inject has taken fluid injection to the next level Read More
Industry NewsTeralytic Earns Ag Data Transparent Certification
September 10, 2018
Soil analytics company Teralytic has completed the Ag Data Transparent certification, affirming that their data use is private, secure, and Read More
Business ManagementTop 20 Two-Year Colleges for Precision Agriculture
September 10, 2018
Earlier this year, I compiled a list of the 25 best colleges for precision agriculture. It was quite the process. Read More
Industry NewsRaven, Topcon Announce Slingshot API Agreement
September 6, 2018
Raven Industries and Topcon Agriculture announced today a licensing agreement for Topcon Agriculture’s use of the Slingshot Application Programming Interface Read More
Tablet Grower
Data ManagementThe Power of Predictive Analytics in Agriculture
September 5, 2018
Years ago if we would have been told computers, data, and technology would be scattered around every farm there may Read More
DronessenseFly Launches eBee X Drone, Breaks Through 1,000 ac…
September 5, 2018
senseFly today reportedly sets a new standard in mapping tools with the launch of the eBee X. Launched with the Read More
AmericasOn The Scene: 2018 Farm Progress Show Wrap Up
September 5, 2018
Former Monsanto President (now Bayer CropScience Chief Operating Office) Brett Begemann’s opening salvo during his first appearance at a Farm Read More
EventsAg Experts Discuss Big Data Challenges in Agriculture
September 5, 2018
Agricultural experts at a Houston conference praised the advancements in unmanned aerial vehicles, sensors, and data-collecting technology used in precision Read More