Originally published on 1/8/18 at Forbes.
Hacking is no longer new. It’s become a daily conversation in newsrooms and boardrooms everywhere; hacking and data breaches are the never-ending security story of the 21st century. Hackers illegally make their way into the computer systems of companies, hospitals, government institutions and our homes on a daily basis.
The systems that we trust with our personal data, perhaps naïvely and at times reluctantly, are the targets. According to Privacy Rights Clearinghouse, 7,859 data breaches have been made public since 2005 (and the actual number may be higher). Juniper Research estimates that each single data breach will cost more than $150 million on average by 2020.
Strong IT leadership is essential. Data breaches can happen at any moment, and we now need to assess the influx of increasingly massive amounts of data for risk in real time.
But it’s a complex problem. Today, companies the world over collect data at unprecedented rates. Technologies such as artificial intelligence, natural language processing, predictive algorithms, data science and automation leverage data in new and innovative ways we can’t even fully imagine yet. And the Internet of Things (IoT) has garnered momentum by being embedded in everyday appliances from your coffee maker to your car — collecting data about you and your habits to send back to the manufacturer so they can automatically schedule your next oil change or order you more coffee when you’re about to run out.
All of this data has become a river of information about you and your family’s habits, and it’s growing exponentially. Connected cars, according to Hitachi, will generate over 25GB of data per hour, equivalent to dozens of HD movies.
With so much data being generated, it’s imperative to get control over collecting and storing all that data — and to do so securely. What follows are a few thoughts that will guide you through the many types of strategies, pathways and products out there for your consideration as you continuously improve the protection of your clients’ and company’s data.
Reducing complexity is easier said than done, since IT and data are inherently complex. However, the artistry is in being able to design for simplicity and agility. Some of the most important parts of designing and managing sustainable and adaptable systems are, by far, the least sexy parts.
With that in mind, it’s important to design in, from the beginning: security, disaster recovery, business continuity, compliance, modularity, data architecture and understanding business process flow. Not coincidentally, these topics can be tedious and time-consuming, but they are absolutely necessary to compete in today’s markets.
Survey the industry, analyze new approaches and create a culture of innovation and synthesis. Technology is advancing rapidly. Industries are constantly competing by leveraging and inventing new technologies to get ahead. Some organizations are overwhelmed by everything going on from IoT to blockchain and simply don’t know where to put their resources. Others are diving into everything and chasing every shiny object that comes by.
The key is to take your time and be methodical about new technologies. Read good industry news and blogs by end users, not just the sponsored articles. Send yourself and your staff to good conferences where end users are the speakers, not vendors. Listen to the use cases where people shot themselves in the foot by making avoidable mistakes. These are the best and least expensive lessons you can learn. Then let your staff set up a lab to explore these technologies and, most importantly, how they can benefit the business by solving specific business problems.
It’s time to join forces. In the past, organizations have looked upon data and security as two separate disciplines. Database administrators, business analysts, sales teams, network engineers, server administrators, data architects and others rarely speak the same language, nor do they have the overlapping skills required to understand the benefits and implications of their approaches. This “siloed” approach to IT must end.
If you work in a small- to medium-size company, the same person is most likely attending to most aspects of the company’s IT services, covering all the bases himself or herself, with hardly the bandwidth to do it all well but just enough to keep the lights on due to lack of resources. If you’re in a large company, each functional area within IT is often siloed from the others to ensure their own part of the business is running without fault. They rarely collaborate with others within the department, let alone the business. Fortunately, this is changing. Albeit slowly.
With the melding of various technologies in data storage and server virtualization, people are starting to speak with one another, if for no other reason than to figure out who’s responsible for the management and administration of a job that now falls into more than one bucket. Is it the responsibility of the server admin, the storage admin or the network admin? To make matters worse, software-defined everything (network, server and storage) as well as cloud technologies and platforms, continuous integration, containers, IoT, and of course, big data, are scrambling the functions of departments, roles and job titles, leaving everyone’s head spinning. Clarify roles and responsibilities as much as you possibly can, as soon as you possibly can. Then keep the dialogue open.
Finally, consider this: IT is no longer separate from the business. It is an essential and intimately woven part of the business. Sales teams, business analysts, marketing, you name it: Everyone is (or should be) collaborating every day with IT on the best ways to move forward and grow together as a company.
Do you have thoughts that you’d like to share? Let me know in the comments below. I’d love to hear from you.