Data Security across the Enterprise
Paradigm Shift in Data Security
Over the past five years, great strides have been made toward managing cost and availability. Virtualization, On Demand Computing, and Software as a Service are great examples of the progress that has been made. Conversely, there is tremendous focus on Big Data and data Analytics; and I believe the progresses in this filed will unleash the next wave of business disruption. However, the underlying threat in my industry and soon to come (assuming Big Data will change how every business functions) is Information Security. In spite of increase in velocity and scope of data breaches over the past couple of years, the investment in tools and approach to data security has remained flat. Majority of the products are focused on data security at network point of entry and exit with few exception focused on network analytics and pattern recognition. As data continues to become a more critical component of new economy, there will be more need for new and innovative technologies and paradigm shift in data security techniques.
Two sides of Integrating Data Across Enterprise
Integrating data is a good news bad news scenario. On the positive side, most fortune 500 companies have been gathering significant data points on their consumers. Along the same trend, the technology providers have provided a slew of options at different value point to meet the needs of this space. On the negative side, the consumer data is not actionable unless it is married to customer delivery channel. However, focus on delivery channel data is a recent phenomenon where many companies are playing catch-up. I believe over the next twenty-four months Big Data focused on consumer, channel and predictive behavior will dominate all fortune 500 Information Technology investments. Conversations regarding use of Big Data and Analytics are taking place at Sales and Marketing meetings everyday and are quickly making their way up to the boardrooms.
Throughout my career before, at, and after IBM the focus has mostly been on computing Availability, Reliability, and Affordability. My colleagues across the industry and I were able to create value focusing on these three primary vectors. Going forward with commoditization of these skills (Availability, Reliability, and Affordability) through On Demand computing and Software as Service, we are asked to lead our organizations through innovation in analytics toward customer acquisition and retention. I believe the shift toward revenue generation (data, data analytics, and data prediction) is the critical ingredient to a healthy career path. Having said that, “ability to execute on daily bases and keeping the enterprise secure are the prerequisites functions.”
Data Security and On Demand Computing
I will have to lead with my first comment, Data Security. Cross the industry, we continue to approach data security as an extension to physical security schemes developed centuries ago. There are verity of options for creating complex and elaborate moats around the perimeter, expand the defenses by creating complex mazes and honey pots that flash out the intruders and finally deploy security agents that are monitoring the roadways and paths for unauthorized movement. All of these approaches are ventured from physical security point of view and have their own pros and cons. I believe it is time to revise the paradigm and consider all traffic and all requests as potential source of intrusion. So the next question would be “how one would manage data, if data resides on an unsecure location and available to public.” The innovation and technologies that can alter the intrinsic value of data outside of specific environment and usage will be able to revolutionize how information security is approached.
Our organization is a big believer of cloud, also known as On Demand Computing. Our businesses have been able to improve reliability, cost of ownership, and agility using federation of cloud solutions. Big Data continues to be on forefront of investments. Integrating consumer data with channel data has proven to improve analytics and predictability of customer’s future needs. As in regards to Mobile, the train left the station years ago. We see across multiple demographics customers are dependent on their smart mobile devices for communication, entertainment, and shopping experiences. The Internet of all things and social media are realities of today and are integrated into channel strategies. Being able to monetize and track the investments on these specific initiatives back to profitability is still work in progress and requires more adjustments.
Role as a CIO
Looking at valuation assigned to peer-to-peer lending institutions provides an excellent view into how Wall Street views the critical technologies and business models within financial services. Having said that, even though I am a big believer of peer-to-peer markets, I believe in the long haulthehe financial impact will be best driven through innovations in analytics, predictability, reliability of services and data security and privacy.
Even though still critical and priority one, keeping the business running is becoming easier to maintain and less of a leadership discussion. Agility, Innovation, and Talent Retention continues to be a daily part of IT executives. The board discussion is more along the line of growth and loss mitigation using analytics and predictive models. Across different verticals Technology leaders of today are expected to be more engaged in Sales and Marketing and spend less time walking up and down the data centers.
Demands and Issues Addressed in Security
The evolution from task-oriented responsibilities to thought leadership opportunities is a slow progression that ties back to Speed of Trust. Information Technology leaders are expected to execute flawlessly, demonstrate agility, and be good steward of finances before they are able to work their way to the board discussion. IT tactical wins come from impact to profitability through automation, on demand computing, workforce elasticity, new product delivery, and contract negotiation. I believe in the more legacy enterprises the value of IT is more limited to flawless and agile execution of business priorities. In these organizations top line growth strategies continue to be driven with minimal input from Information Technology leadership.
Throughout this interview, I have implied a single position that encompasses CIO and CISO responsibilities. Even though these may be two separate career paths and positions within an organization; the strategy and execution needs to come together as a single tip of spear. I find it best when CISO and CIO have an integrated strategy and priority which gets embedded in every aspect of Information Technology.
Advice for Start-ups Technology Leaders
Think security first, spend as much time possible on Sales and Marketing initiatives, and make sure CFO becomes your number one advocate. Once you have done this three, follow up on regulatory and legal requirements daily. Before you go home, track your company’s large and upcoming competitors. At the end of the day, your job is to be the Chief Innovator and Agent of Change.