Data Security across the Enterprise
Paradigm Shift in Data Security
Over the past five years, great strides have been made toward managing cost and availability. Virtualization, On Demand Computing, and Software as a Service are great examples of the progress that has been made. Conversely, there is tremendous focus on Big Data and data Analytics; and I believe the progresses in this filed will unleash the next wave of business disruption. However, the underlying threat in my industry and soon to come (assuming Big Data will change how every business functions) is Information Security. Majority of the products are focused on data security at network point of entry and exit with few exception focused on network analytics and pattern recognition. As data continues to become a more critical component of new economy, there will be more need for new and innovative technologies and paradigm shift in data security techniques.
Two sides of Integrating Data Across Enterprise
Integrating data is a good news bad news scenario. On the positive side, most fortune 500 companies have been gathering significant data points on their consumers. Along the same trend, the technology providers have provided a slew of options at different value point to meet the needs of this space. On the negative side, the consumer data is not actionable unless it is married to customer delivery channel. However, focus on delivery channel data is a recent phenomenon where many companies are playing catch-up.
The innovation and technologies that can alter the intrinsic value of data outside of specific environment and usage will be able to revolutionize how information security is approached
Throughout my career before, at, and after IBM the focus has mostly been on computing Availability, Reliability, and Affordability. My colleagues across the industry and I were able to create value focusing on these three primary vectors. Going forward with commoditization of these skills (Availability, Reliability, and Affordability) through On Demand computing and Software as Service, we are asked to lead our organizations through innovation in analytics toward customer acquisition and retention. I believe the shift toward revenue generation (data, data analytics, and data prediction) is the critical ingredient to a healthy career path. Having said that, “ability to execute on daily bases and keeping the enterprise secure are the prerequisites functions.”
Data Security and On Demand Computing
I will have to lead with my first comment, Data Security. Cross the industry, we continue to approach data security as an extension to physical security schemes developed centuries ago. There are verity of options for creating complex and elaborate moats around the perimeter, expand the defenses by creating complex mazes and honey pots that flash out the intruders and finally deploy security agents that are monitoring the roadways and paths for unauthorized movement. All of these approaches are ventured from physical security point of view and have their own pros and cons. I believe it is time to revise the paradigm and consider all traffic and all requests as potential source of intrusion. So the next question would be “how one would manage data, if data resides on an unsecure location and available to public.”
Our organization is a big believer of cloud, also known as On Demand Computing. Our businesses have been able to improve reliability, cost of ownership, and agility using federation of cloud solutions. As in regards to Mobile, the train left the station years ago. We see across multiple demographics customers are dependent on their smart mobile devices for communication, entertainment, and shopping experiences. The Internet of all things and social media are realities of today and are integrated into channel strategies. Being able to monetize and track the investments on these specific initiatives back to profitability is still work in progress and requires more adjustments.
Role as a CIO
Looking at valuation assigned to peer-to-peer lending institutions provides an excellent view into how Wall Street views the critical technologies and business models within financial services. Having said that, even though I am a big believer of peer-to-peer markets, I believe in the long haulthehe financial impact will be best driven through innovations in analytics, predictability, reliability of services and data security and privacy.
Even though still critical and priority one, keeping the business running is becoming easier to maintain and less of a leadership discussion. Agility, Innovation, and Talent Retention continues to be a daily part of IT executives. The board discussion is more along the line of growth and loss mitigation using analytics and predictive models.
Demands and Issues Addressed in Security
The evolution from task-oriented responsibilities to thought leadership opportunities is a slow progression that ties back to Speed of Trust. IT leaders are expected to execute flawlessly, demonstrate agility, and be good steward of finances before they are able to work their way to the board discussion. IT tactical wins come from impact to profitability through automation, on demand computing, workforce elasticity, new product delivery, and contract negotiation. I believe in the more legacy enterprises the value of IT is more limited to flawless and agile execution of business priorities. In these organizations top line growth strategies continue to be driven with minimal input from Information Technology leadership.
Throughout this interview, I have implied a single position that encompasses CIO and CISO responsibilities. I find it best when CISO and CIO have an integrated strategy and priority which gets embedded in every aspect of Information Technology.
See Also :