I learned a new term the other day: data-driven security. I had been talking with Enterprise Management Associates security guru Scott Crawford about remote access security policies in a bring-your-own-device (BYOD) era — yes, that’s a mouthful. But then, in the ever-changing dynamics of IT, he flipped the topic on me.
Big data can help an information security strategy, he said. Really? From what I’ve been hearing from CIOs and chief information security officers, big data — information coming in and out of an organization from all over — is a security threat. I had never heard about big data improving information security strategies.
Crawford enlightened me by explaining that data-driven security — or using technologies like data mining, data analytics and quantitative statistics — is a great way to spot security threats and trends.
“Analyzing big data can give you quicker insights into large volumes of data and security problems, and you can use real-time event alerting,” he said.
In a recent blog post, Crawford explains:
“The data explosion is just as real in security as elsewhere. And just as with other aspects of the intelligence-driven enterprise, big data offers new challenges — and new opportunities. Much more information is available than ever before that can help enterprises identify previously unrecognized threats, sharpen their defenses and acquire the awareness needed to develop more effective risk management programs. Today, techniques are emerging for harnessing this data to improve countermeasures and expand strategic insight.”
Crawford explains his theory in great depth in a five-part series on the rise of data-driven security.
As for the original security topic? Remote access security policies in a BYOD era? Data-loss prevention tools are not a silver bullet, he said. But that’s a topic for another time.
Let us know what you think about this blog post; email: Christina Torode, News Director
Friday again already? Wow, things really do move fast in the tech world. In this week’s roundup of news bits and opinions, we naturally bring you one of many, many ponderings about the new iPad, a leadership move that illustrates how CIOs who consider the consumer come out on top and something so super-geeky we couldn’t help but share it.
- Were you up all night, unable to get an ounce of sleep on the eve of the announcement of the new iPad? Slate’s Farhad Manjoo suggests you weren’t alone, but probably not for the same reasons as these folks — fear.
- Stephen Gillett, the man who brought you free Wi-Fi to go with the java he enabled you to buy with a mobile app, is leaving Starbucks and taking his new-era CIO skills to Best Buy, where they’re hoping he’ll bolster the customer experience through technology while leading their digital business, e-commerce and IT operations.
- Feeling a little bloated with information? This isn’t big data we’re talking about, but all that little data that piles up around you in the seemingly innocuous form of things like email. Check out this advice on how to keep your info “diet” under control.
- If you’re headed to the SXSW festival, don’t forget your invisible coupons.
- Americans really are concerned about privacy, and to prove it, they’re going to Google to search “other search engines” right now.
- We admit it will take a certain breed of geek to really appreciate this particularly outstanding achievement in geekery, but we had to share.
While doing a recent story on the convergence of unified communications and enterprise networking and collaboration, I was reminded again of how disruptive the Internet and mobile-enabled Facebook-Twitter culture are to enterprise business operations.
As I found out in my reporting, many companies — vendors and businesses alike — understand the applicability of social networking and collaboration tools to their workflows. They are eager to use the communication power of social tools like Facebook to speed up and improve business decision making. In a way, they have no choice. Social collaboration has increased the speed and spread of information, and enterprises need to be able to respond more quickly. One way to do that is to incorporate social media tools and unified communications tools (voice, video, Web conferencing and so forth) into the traditional business workflows.
But boy, are we conflicted about this. It seems that everyone, from corporate management to employees to the vendors touting this vision of a fully integrated workplace, has a love-hate relationship with this brave new world of work. According to social collaboration experts, the vendors that are touting unified communications tools are really quite bad at integrating their applications with other vendor applications, taking a “my way or the highway” approach. Management talks a good game about giving employees access to experts, insight into company direction and the ability to make decisions on the spot. But companies also want to make sure they know who is talking to whom, and which employees are accessing which systems.
As many organizational experts have pointed out, the self-organizing power of social networks is a challenge — an in-your-face affront — to the traditional corporate hierarchies and the enterprise software vendors that reinforce those hierarchies. And it’s not just the enterprise 1% that’s conflicted. Many among us 99%-ers, to be honest, would really prefer not to factor yet more information into the daily decisions we have to make to get through a workday.
Self-service business intelligence (BI) is the latest development in what can only be described as the user empowerment movement. We saw it with the cloud, and again with mobile devices; now we’re seeing it with business intelligence.
Users across enterprises are not waiting for IT, the resident statistician or business analyst to produce a report for them. Instead they are asking for and getting access to tools that let them dig for their own data and create their own reports based on the needs of their job function.
Some call this self-service BI, but it is yet another sign of a much larger movement in which IT increasingly is becoming a services broker. Many of the CIOs we’ve talked to have embraced this self-service movement. One case in point is Owens Corning CIO David Johns, who predicts that the majority of IT services one day will be delivered through self-service portals at his company.
I’m oversimplifying here. IT groups are doing more than merely activating services for the user base. They are the folks who are making this user empowerment movement possible by vetting self-service BI tools, mobile devices and cloud providers, and integrating services with back-end systems. They are the ones who are being asked to make sense of the multiple Software as a Service (SaaS) contracts spread across an organization. As one CIO, who asked not to be named, recently told me, his company is attempting to put some governance around multiple SaaS contracts (bought by business units) because the costs are getting out of hand.
A key to successful self-service BI is balancing user freedom with the risks that opening up data access poses to the enterprise. Striking that balance is something that IT will always have to manage with each new grassroots technology movement. In the case of self-service BI, potential risks appear worth it, given the enterprise’s drive to use BI to make workers more productive, create new revenue streams and gain better insight into what customers really want.
We’re feeling a little vulnerable this week, maybe because our cache of tech bits is a little heavy on security issues. And if that’s not enough, we round out the roundup with the most nefarious threat to IT that we’re sure you haven’t thought of in at least a year.
- What are you missing when it comes to data loss prevention? Hint: Look to your left. Now look to your right.
- A look at some of the biggest security issues of the past year, and how they indicate what lies ahead.
- Who poses the biggest threat on the Net? Maybe you should just click on the link; we don’t know who’s watching.
- Do you have the “ability to drive action?” Meet the guy who apparently makes this call (and read about an example of a business use for Klout).
- Who’s in your mobile wallet? Move over banks, tech companies and startups, big name retailers want in.
- Of course we couldn’t let the week pass without a mention here about Windows 8. Here, the NYT’s Quentin Hardy opines on how it will transform enterprise computing.
- It’s coming! It will sap the speed from your networks! It will suck the productivity from your workers! It’s the biggest threat since Cyber Monday. It’s — March Madness, the real Net threat.
I hope I’m not beating a dead horse here, but can I get in another few words about the value of ERP and how it (unlike the aforementioned horse) is not dead? This week, after several chats with analysts and IT leaders I was able to safely establish that the old workhorse system is still as vital as ever. It will stay that way so long as it continues to evolve — like most systems — in the age of big data and mobility.
I even took a peek at the value of ERP going forward. But there was one thing I didn’t have a chance to hit on, and that’s the predicted place of ERP going into the 2020s. Sounds like a long way off, doesn’t it? Like around the time we should finally have our jetpacks and flying cars. Well, analyst Phil Murphy of Forrester Research couldn’t comment on possible Jetsons-style transportation innovation, but he did share a vision of the future that includes ERP.
Murphy, whose focus is business applications, agrees with industry pundits who believe that as we hit 2020, we’ll be in the golden age of software and the “frictionless enterprise.” Manufacturing provides the best illustration for the frictionless concept as businesses leave behind the old push model in favor of lean to keep up with demand. We now have the technology, through social media channels and the like, to sense demand, he said. Nike is already doing this, he added. It aggregates that demand and negotiates with manufacturers to build to it.
“If we accept that this frictionless enterprise is going to happen and that it will happen in many industries, it will need lightweight, on-demand ERP that is consumable as the frictionless enterprise needs it,” Murphy said. “[Businesses] won’t care what server this is on, or what operating system or database. They just want their applications to work, and they’re happy to pay a monthly fee. They might even be happy to start an annual contract, but they want it to be somebody else’s problem.”
In a recent report Murphy penned with colleagues on the topic of business technology in 2020, he also suggests that ERP vendors won’t sell software, they’ll house processing. In this scenario, a business would pay for an ERP capability that houses business rules and data. That information will always be the most recent and will be built to operate globally. In 2020, he predicts, there will only be a handful of ERP instances around the globe.
“I think it’s safe to say the stuff we’re consumed with today — what server are you on, what databases — in the 2020s that will be someone else’s problem,” Murphy said. “Business people don’t want to be tied down with technical jargon that doesn’t matter to them … everything we do has got to be understandable in a business context, and when it is, the wars between business and IT fall away.”
Now that sounds like a peaceful vision.
Many of the technologies businesses rely on to create new services, make workers more productive and serve customers better are the ones most likely to lead to data loss, according to data loss statistics gathered by a recent security study from IT industry association CompTIA.
The “leading culprit” is data in motion, according to the online survey of 1,183 IT and business executives involved in setting security policies for their organization. In other words, all that data being accessed through unsecured Wi-Fi networks, sent through unencrypted emails, and downloaded to USB drives or websites is putting organizations at risk.
Among the 52% of the organizations that reported a data loss in the last 12 months, 65% said that confidential corporate financial data was lost, 52% said that confidential employee data was leaked, 27% reported losing confidential customer data, 26% lost corporate intellectual property, and 21% suspect data loss but couldn’t identify what was lost, according to the data loss statistics.
Still, context is everything. When compared to the growth in the use of social networking, security risks associated with social networking are pretty low, CompTIA argues. The association quickly pointed out, however, that security risks will rise because of malware, social engineering and data mining on such sites.
As for cloud computing, the top three security concerns included downtime, loss of data during transfers to the cloud and a lack of data encryption.
Those surveyed also had “serious concerns” (48%) about employees downloading unauthorized apps to mobile devices, theft or loss of corporate mobile devices (42%), and risks when using open Wi-Fi networks (41%).
The IT and business executives didn’t specify the types of recent data loss prevention tools they have in place or the ones they are considering, but they did share their response strategies for data loss prevention:
- Implement encryption policies for data stored on mobile or portable devices.
- Create a stricter separation between work and personal communications.
- Reinforce acceptable user policies for mobile devices.
- Reinforce or create corporate policies governing the sharing of proprietary information on blogs, forums or social networks.
- Further compartmentalize sensitive corporate data to ensure that only need-to-know employees have access.
Let us know what you think about this blog post; email: Christina Torode, News Director
It was a short week for some, but there was no shortage of intriguing news and opinions to sort through. We’ve rounded up a handful of items to share with you on this Friday, including one of many takes on Target’s “maternal instincts,” websites that don’t need searching and a forthcoming offering from Google that will really be in your face.
- The New York Times piece on Target’s extreme targeted marketing via data analytics caught fire and was everywhere this week. Here’s one of the more thoughtful among the many takes on what it all means. It’s a two-part piece; you can click to see the second part at the end of the entry.
- And in the further adventures of somewhat scary and scarily innovative data analytics: a company that aims to cut down all that laborious search time and just tell you what you want.
- We don’t like the suggestion that CIOs are anything but this — however, Forbes contributor Perry Rotella offers up a trio of succinct steppingstones CIOs should consider in order to be recognized as “first-class executive leaders.”
- Here’s something you really don’t want your business to get stuck with. Aside from its vast time-sucking capabilities, there’s another downside to the very hot Pinterest website — potential lawsuits, naturally.
- Not to be confused with image recognition app Google Goggles, comes more speculation that Google will release reality-augmenting glasses by year’s end. Is this going to be one of those things we’ll question the point of, then find it becomes ingrained in our lives (hello, Facebook in 2007)? Maybe that eyePhone episode of “Futurama” is eerily prescient.
I can think of two reasons people don’t talk about something. One is that the subject has no importance at all. The other reason is that it is so important people don’t want to share what they know. In the case of advanced business analytics, I can assure you, the latter reason is in play. Silence is golden, so to speak.
This was clear in a story I did this week on a snazzy hotel app deployed by the SLS Hotel at Beverly Hills. The free mobile app basically delivers round-the-clock service — a bottle of Dom Perignon, more shampoo — at the touch of an icon. IT Manager Eric Chao, the hotel’s point man on the mobile app, was happy to talk up the app’s front-end value: how it takes customer service to a new level, etc. But ask about the sophisticated analytics whirring on the backend that allow the hotel to figure out what a guest wants before he even knows it — and this reporter got the cold shoulder. The hotel PR squad flat out said no way.
“The app collects a lot of data,” was about all Chao could say. That, and it’s been “great for business.” Indeed. I have no doubt that the data collected contains information so valuable to the hotel that it’s not sharing it with anybody, never mind reporters.
Chao was not the only circumspect CIO I talked to this week. A CIO in the automotive industry I interviewed yesterday for an upcoming story on mobile BI stopped short when the topic of analytics came up. Routine analytics were handled in-house, he said, but the sophisticated stuff done by statisticians and data scientists — the secret sauce, the golden goose — that analytics was being outsourced. To whom? He couldn’t say; in fact, he was prohibited from divulging that information to anyone outside the company.
My take on the silent treatment? If CIOs are not putting a lot of resources into advanced business analytics, they’re in trouble.
By the way, the same silence principle holds true for security too — in particular, app security, but shhhh, that’s a post for another day.
Leadership training — in particular, the shaping of future CIOs — was the topic, but as with many conversations about the CIO role, the conversation veered off to a seemingly unrelated topic: mission-critical systems.
More to the point, the talk concerned how CIOs increasingly are finding new uses for the business management systems that have been in place for years. The need to make data more useful to the organization is in part driving this trend, said Bob Rouse, director of the Society for Information Management’s Regional Leadership Forum training program and professor of computer science at Washington University in St. Louis.
“CIOs are expected to make administration systems more efficient and save money for the company, but that isn’t enough,” Rouse said. “They need to make the systems and themselves more valuable to the company.” One way of doing that is by channeling more capabilities through existing systems, he said.
Doing this exposes CIOs to their true customers — the external ones — by improving how the business delivers services to and meets the needs of the people buying its products and services.
To be more industry-specific: Mission-critical systems that gather reams of data can be used to help farmers find better ways to fertilize their fields. Or such systems can help doctors avoid future errors by looking for mistakes in dispensing medications. “Existing systems capture all sorts of data that can be used in new ways to gather intelligence,” Rouse said.
As I was talking to Rouse, another conversation popped into my head, one I had with Jay Leek, vice president of international security at Equifax Inc. He was using his company’s and Equifax customers’ billing systems to identify fraud. By looking at billing systems data and working with the accounting department, he could spot anomalies. For example, he found that one company’s billing systems had been infiltrated by a third party, which was using the systems to bill an Equifax customer for fake services.
In another case, Larry Bonfante, CIO for the United States Tennis Association Inc., is using data analysis from ticket scanners that gives exact on-campus headcounts at the U.S. Open to pave the way for additional day-pass sales. This equals an additional $1.5 million in revenue for the association. And as SearchCIO.com Features Writer Karen Goulart explains, Bonfante is looking at more ways to use mission-critical systems to generate revenue. One example is the association’s event management system. It is a coordinated public safety response system created for the U.S. Open that is now being shopped to other large-scale event organizers.
It only makes sense, given that the CIO increasingly is being called on to monetize IT, in addition to running business operations, mentoring staff, tapping mobile devices to serve customers in new ways, helping the business expand its global reach through the cloud or social networking …
Let us know what you think of this blog post; email Christina Torode, News Director.