The Business-Technology Weave

March 4, 2010  7:11 AM

Data Breaches and the Business-Technology Weave (BTW)

David Scott David Scott Profile: David Scott

Everyone in the organization needs to be a mini-Security Officer these days. What does that mean? It’s time for each person to recognize that every action must be viewed through the prism of security, and activity must be conducted in accordance with defined, attendant, values and standards. It’s part of today’s BTW.

Consider: It has just now come to light that approximately 39,000 physicians and other health care providers in Massachusetts are being warned that personal information, to include Social Security numbers, might be compromised. This past August, a laptop containing data was stolen from an employee at the Blue Cross and Blue Shield Association’s national headquarters in Chicago. Thanks for the timely notification!

It’s easy enough to gauge the general extent of the problem: Just Google “data breach,” “data theft,” etc. In the face of these data thefts (and the vast numbers are hushed), the organization must value security: it must train to, and perform to, specific security standards as determined by the organization’s business, environment, risk, and related needs. Rather than representing an expensive burden, security becomes a weighted concern for new employee orientation, updated refresher trainings, internal organizational newsletters, and so forth. Security consciousness and performance becomes a rated area for every supervisor’s evaluation of every employee during the appraisal process – governance to intern. It’s the business of security as pertains to the organization’s technical assets and data: The Business-Technology Weave.

In the BTW, data security is not the province of IT. It is the province of the organization. Who owns the data? The organization does. IT most definitely can select, size, and maintain security systems – in the technical sense. IT can also train people for security awareness and best practices. But it really needs to be business, as the ultimate stakeholder, that secures business – and business must be intelligent enough to oversee IT and the related security measures there – as well as in the simple human realm. After all, most breaches are due to human error. Who at Blue Cross and Blue Shield allowed the laptop to be stolen? Were there standards for securing laptops? Cables and keys for cubicles? Secure docking stations? Locked doors for offices and protocols for stepping out? Was there security guidance for using, handling and storing laptops? There was? Then, what happened to the employee who “lost” the laptop? Sometimes, examples need to be made…

Any business will get it soon enough: preparedness and prevention guards against damage to the organization’s number one asset: its reputation.

As we’re fond of saying here at the BTW: In the realm of risk, unmanaged possibilities become probabilities. Start thinking about risk and liabilities now, and get security on the table before something like this happens in your organization. Research and educate yourself for all manner of data breaches and how they occurred – then survey your job, your activities, and your place of work for risk. Make suggestions and inspire or take appropriate action depending on your place in the organization.

Get started today.

Coming up: What the heck is a BiT?

March 1, 2010  2:43 PM

Welcome to “The Business-Technology Weave”

David Scott David Scott Profile: David Scott

Greetings fellow business and IT travelers, and welcome to “The Business-Technology Weave” (BTW). The BTW is essentially a brand of electronic culture – an eCulture if you will – that recognizes the interwoven reliance of business and technology, while crafting and sustaining that culture for best returns on present and future business. More about eCulture in the coming days.

By way of introduction, I’ll bring some observations on my part regarding things I’ve seen over the course of 20+ years – both in the trenches (HelpDesk, network engineering/management, direct project management…) and from “on high” in senior executive management, and how I turned those observations toward better business and IT practices. Further, the observations are common to all sorts of environments: public and private, Fortune 500, government, non/not-for-profit, sole-proprietorships and even personal computing. These observations concern the divide between the necessary business of getting things done and the technical supports that enable and sustain that business.

In the middle is the usual politics: user fears; board, management and budget influences; time constraints; costly mistakes; the struggle with vendors and solutions providers; and anything else that whisks us away from our initial expectations, and our carefully crafted projects, timelines and deliveries.

In other words, situations are often inefficient at best, broken at worst. It is a challenge, and ever more so in today’s quickening environment. Even in the best of these, there is always room for improvement – with attendant rewards. Our goal is to make careers and business more secure, more efficient, and more satisfying – while delivering ever greater returns to business, clients, and customers. Whether you’re “Business” or “IT”, you want optimal returns on your investments: Dollars, efforts, and teamwork.

Business and technology are interwoven today. Remove technical supports, and business may sustain 5% productivity. Therefore, here in The Business-Technology Weave, we’ll do three critical things: We will close divides, we will direct purpose, and we will achieve results.

In following the “rule of threes,” we’ll also consider three essential organizations out there:

1) The organization that “doesn’t get it” and likely won’t in terms of creating and sustaining a valid eCulture. They’ll be history.

2) Organizations that do get it, and are “there.” These organizations need to remember (particularly during change of key personnel, and during the stress of large-scale IT and business change) that there’s always room for improvement. Best practices must be maintained and maneuvered into the future. New practices will emerge.

And 3) Organizations that aren’t yet there, but are open to and even questing for a modern eCulture. This may well be the bulk of organizations out there, and you just might reap some nice bonuses for ideas and deliveries of new and better ways of looking at things. Who among us cannot use some accolades for achieving things, sustaining best practices, best progressions, and better business?

A final thought: This is the IT Knowledge Exchange, and the majority of readers are likely “IT.” However, in helping “business” (non-IT) people to help you (IT), it is our goal to craft this forum such that your business people can come here, learn, and better interface with you. Please point them here when relevant topics are discussed. This just might be the forum they’ve needed for a long time, even as they didn’t realize that need.

Welcome aboard! And in the next days, we’ll get down to the business of better business.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: