What Lessons Can the Ag Industry Learn from the Facebook Data Breach? How to Tell if Your Ag Data is Secure

Today, a seemingly endless amount of ag data flows from growers’ fields into a host of technology platforms. It is top of mind given the Facebook data breach involving Cambridge Analytica that compromised millions of users’ personal information. With all of the data being transmitted in the ag space, it is possible a similar incident could occur in our industry. So how can we be certain our data is secure?

In my talks with growers, I have observed them over-relying on technology providers and implicitly trusting them to secure their data without question. All too often, it is simply a handshake instead of a formalized security program and a detailed understanding of its documented protocols.

But the tides are changing. At the recent Farms.com Precision Agriculture Conference, I spoke with growers about the questions they should be asking technology companies regarding their approaches to data security. I also advised on the answers to look for.

I am so passionate about this topic because we treat security very seriously at Uptake. As an ISO 27001-certified organization, it is paramount in everything we do. Here are the top five considerations you need to know when it comes to the security of your ag data:

1) How is my ag data accessed, and how are user identities authenticated?
Strong data access control should be based on the security requirements of leading industry organizations such as the National Institute of Standards and Technology (NIST). For example, the NIST principle of “least privilege” requires that users receive only the level of access necessary to perform their job functions. Ag data access control should include, but not be limited to, passwords, cryptographic keys, and multi-factor authentication devices. In the physical realm, it should include, but not be limited to, key cards, PINs, biometrics, and 24/7 closed circuit television monitoring.

2) How are my connected ag machines and sensors secured?
Edge devices connect your ag machines in the field to technology providers’ platforms. The most secure edge devices are built upon robust reference frameworks that were developed by both security and Internet of Things experts and have been validated by third-party security assessments. Only authorized users should have access to edge devices and their data. Measures need to be taken to protect against unauthorized device access and the interception of communications between those devices and technology platforms.

3) How is my most sensitive ag data organized and managed? Is it encrypted in the platform? Is my live ag data used in development environments?
To determine the right level of protection, your ag data assets should first be classified before any ingestion takes place. All of your ag data must be classified to provide clear visibility of any potential threats and to maintain highly restricted access to sensitive information. It is imperative that your live ag data is isolated from development and testing environments. Once ingestion of your ag data begins, it should be encrypted both in transit and at rest.

4) How is my ag data protected from falling into the wrong hands? How is it kept from being hacked and how often are vulnerabilities checked for?
Technology providers’ networks should use tiered classification frameworks to ensure the separation of your ag data. Ask if they offer client-protected data enclaves, whether physical or virtual private cloud. Confirm they have a fully hardened security stack that includes endpoint and network threat prevention, application firewalls, and vulnerability scanning. The most effective security stacks offer proactive, continuous attack simulations performed on them by in-house teams to anticipate and mitigate unauthorized access, privilege escalation, and ag data theft.

5) When developers use my ag data to build products, how do they prevent it from being exposed in their code?
In order to safeguard your ag data, security needs to be embedded within the software development lifecycle (SDLC). Doing so allows for code-level security insights while ensuring continuous delivery of software. Within the flow of the SDLC, both static and dynamic code analysis should occur – including process gates to prevent the introduction of any security vulnerabilities into production environments. Developers and anyone else who is able to influence application security should be given comprehensive training tailored to fast-paced development in an Agile framework.

In summation, an industrial-strength security program does not stop there – nor does it sleep. It is continuous, comprehensive, proactive, and relentless. If you are still hungry for knowledge, ask technology providers the following questions:

  • Do you teach your developers how to think and act like hackers for the purposes of testing your platform’s security and identifying any issues before bad actors can?
  • How frequently do you perform code scans of your platform?
  • How frequently do you perform independent security assessments of your platform?
  • Do you have a Bug Bounty Program that engages with the security community to reward the identification of potential vulnerabilities?

If a technology provider cannot provide you with satisfactory answers to all of these questions – or if they attempt to pass the buck to another entity in the connected ag value chain – it is a major red flag. I leave you with a helpful snapshot of what a differentiated and secure SDLC process looks like:

Differentiated-Secure-SDLC-Process-chart

Leave a Reply

One comment on “What Lessons Can the Ag Industry Learn from the Facebook Data Breach? How to Tell if Your Ag Data is Secure

Data Management Stories
Data ManagementInfoAg News: Farmobile Launches DataEngine, Streamlines DataStore Buyer Process
July 17, 2018
Busy times these days out in Overland Park Leawood, KS, for ag data startup Farmobile, as they continue to – Read More
Farmer-Tablet
Data ManagementAgriculture’s Next Breakthrough: New Technologies Are Driving Efficiency, Data Insights
July 3, 2018
We live in an exciting time in agriculture. Not only is technology advancing rapidly, but the understanding and comprehension of Read More
Data ManagementThe Most Overlooked Asset in the Agtech Revolution
June 25, 2018
There is no doubt that advancements in genetics, precision agriculture, and innovative farming practices have all played an instrumental role Read More
Soil-Corn-plants-field
Data ManagementRemote Soil-Sensed Management Zones Help Increase Crop Input Efficiency
June 18, 2018
Accurate prescription maps are essential for effective variable rate technology (VRT) fertilizer application. Grid soil sampling is frequently used to Read More
Trending Articles
ISPA-Yoshua-Bengio
EventsHighlights from the 14th International Conference on Precision Agriculture
July 9, 2018
The 14th International Conference on Precision Agriculture (ICPA) presented by the International Society of Precision Agriculture (ISPA) was held in Montreal, Read More
Topcon X30 Console in cab
EventsAssociation Seeks Definitive Definition of “Precision Agriculture” — What’s Your Vote?
July 2, 2018
More than two-dozen definitions of precision agriculture have been identified through the years — but which is the best and Read More
AmericasRaven Name to Grace New South Dakota State University Facility
June 27, 2018
According to a press release issued by the company, Raven Industries was recognized today in the naming of South Dakota Read More
dropcopter
DronesNew York Apple Orchard Claims World First in Pollination by Drone
June 18, 2018
Beak & Skiff Apple Orchard in LaFayette, NY, is the first orchard in the world to use drones to pollinate Read More
JDandPessl
Sensors/IoTJohn Deere, Pessl Instruments Team Up to Create Opportunities
June 18, 2018
John Deere is best known for its line of tractors, combines, sprayers, and implements. However, in an effort to help Read More
Matt-Waits-featured
Decision Support SoftwareSST’s Matt Waits: Innovative Data Solutions Key to Transforming Global Agriculture
May 31, 2018
Proagrica, part of RELX Group, earlier this year acquired U.S.-based precision agriculture solutions company, SST Software, in a move set Read More
Latest News
Uncategorized2018 CTIC Conservation In Action Tour: Bringing Back th…
July 20, 2018
We here at PrecisionAg.com and PrecisionAg Professional recently had the opportunity to attend the 2018 Conservation Technology Information Center’s(West Lafeyette, Read More
Tools & Smart EquipmentCanadian Planter Manufacturer Purchases Harvest Interna…
July 19, 2018
Seeding and planting technology innovator Clean Seed has signed an agreement to strategically acquire U.S. planting equipment manufacturer Harvest International, Read More
Data ManagementInfoAg News: Farmobile Launches DataEngine, Streamlines…
July 17, 2018
Busy times these days out in Overland Park Leawood, KS, for ag data startup Farmobile, as they continue to – Read More
Agrible
Grower Services & SolutionsNutrien Drops $63 Million to Acquire Agrible
July 16, 2018
Nutrien announced today that it has entered into a definitive agreement to acquire Agrible for total consideration of $63 million, Read More
Industry NewsFarmobile Acquires Prime Meridian, Taps Cubbage as New …
July 13, 2018
Farmobile today announced an agreement to acquire the assets of Prime Meridian, a precision agriculture data management company based in Read More
group-photo
DronesPrecision Agriculture Takes Flight at North Carolina St…
July 13, 2018
Take a walk into the Suggs Laboratory for Precision Agriculture and Machine Systems and it’s hard not to be impressed, Read More
Skeketee-IC-Weeder
DronesAutomated Weeders Have Arrived in Vegetable Fields
July 12, 2018
The vegetable production areas of the Central Coast of California have lifted vegetable cultivation to a high art, writes Richard Read More
AgJunction, InfoAg 2014, Autosteer, GPS
Industry NewsAgJunction Settles with Raven in Patent Infringement Su…
July 12, 2018
AgJunction Inc., a leader in advanced guidance and autosteering, has settled a patent infringement lawsuit it filed against Raven Industries, Read More
Retailer-Grower-tablet
Business ManagementTaking Measure of the Precision Agriculture Program: 6 …
July 12, 2018
In the overall agriculture market, the rhetoric surrounding emerging technology over the past half-decade has been nothing short of breathless. Read More
raven-slingshot-job-generator-job-sync-1
Industry NewsNew Raven Slingshot Advancements Will Help Save Time, R…
July 11, 2018
Raven Industries, Inc. has announced several new services available on the Slingshot and Viper 4 platforms: Job Generator and Job Read More
Onsite-logo
Industry NewsAgIntegrated Acquires Exclusive Licence to Satshot’s Im…
July 11, 2018
AgIntegrated, Inc. (AGI), a leader in precision ag data integration and software development, and Satshot, a leader and pioneer in Read More
Australian Harvest
Australia/New ZealandAustralian Agritech Plants Blockchain for Efficiency
July 11, 2018
“Agritech” at one time would have meant new equipment such as tractors and combine harvesters, but today it refers to Read More
Tomato-crop-India
AsiaIndia: Using Artificial Intelligence for the Good of Fa…
July 11, 2018
After graduating from IIT-Madras, the first thing that Vivek Rajkumar did was to buy four acres near Thiruvananthapuram and start Read More
BrightFarms
Industry NewsForbes List of Innovative Ag-Tech Companies Includes Gr…
July 9, 2018
Forbes magazine recently posted a list of the 25 most innovative ag-tech startups in 2018, which includes a few companies Read More
AmericasNutrien Ag Solutions Brand, New Digital Platform Launch…
July 9, 2018
Nutrien (formerly Crop Production Services) has officially rebranded its retail business to Nutrien Ag Solutions, aligning the company’s retail operations Read More
ISPA-Yoshua-Bengio
EventsHighlights from the 14th International Conference on Pr…
July 9, 2018
The 14th International Conference on Precision Agriculture (ICPA) presented by the International Society of Precision Agriculture (ISPA) was held in Montreal, Read More
TerrAvion
Industry NewsTerrAvion Integrates Aerial Imagery with John Deere Ope…
July 6, 2018
TerrAvion, Inc., a large volume provider of aerial imagery to agriculture, has announced an integration to allow TerrAvion’s aerial imagery Read More
Farmer-Tablet
Data ManagementAgriculture’s Next Breakthrough: New Technologies…
July 3, 2018
We live in an exciting time in agriculture. Not only is technology advancing rapidly, but the understanding and comprehension of Read More