R. Scott Raynovich — Founder and Chief Analyst of Futuriom
For two decades he has been covering technology in the communications and cloud markets as an editor, analyst, and publisher. Most recently, he was VP of Research at SDxCentral.com, which acquired his previous technology website, Rayno Report, in 2015. Prior to that, he was the editor in chief of Light Reading, where he worked for nine years. He was the founder of the Heavy Reading Insider research service. Raynovich has also served as Investment Editor at Red Herring. He has won several industry awards, including an Editor & Publisher award for Best Business Blog. His analysis has been featured by prominent media outlets including NPR, CNBC, The Wall Street Journal, and the San Jose Mercury News.
Welcome back to the series on the Golden Age of IT, and what digital transformation means for you. Last time, we talked about various elements involved in a digital transformation and a framework for how IT innovation is changing business:
This month, let’s examine some of the risks, including the explosion of data. As applications, connectivity, and the cloud explode, it’s driving exponential growth of data. This is both a blessing and a curse. As applications and connectivity become more pervasive, they are generating more data than ever, which can be useful in running analytics and producing smarter results. However, it also means higher risks, with your enterprise or personal data spread throughout the networks and clouds of the world.
Whether the data is coming from human inputs, edge devices, Internet of Things (IoT), server logs, or mobile devices, data is coming from everywhere at an increasing rate. It is expected that total data will experience a 50-fold increase from 2010 to 2020, according to Insidebigdata.com. Machine-generated data is increasing at an even faster rate. This poses many management risks from an IT perspective, including storage, management, and above all, security.
Managing Data Sprawl
Managing data sprawl may very well turn out to be the number one problem for IT managers in the Golden Age of IT. Some of the challenges include:
- How do you plan to address the storage of all this data?
- How do you gain visibility and manage the flows of data between applications?
- How do you keep track of data moving in and out of the organization, and what employees are doing with the data?
- How do you secure the data and ensure compliance?
Data is the number one risk for security. Whether it’s somebody getting access to sensitive employee data, or IP addresses of your systems, or sensitive corporate data, every piece of data is a piece of risk.
SysSecOps Changes the View of Security
Futuriom’s research into systems security has found that many IT professionals find the ideas of data and systems management and security intertwined. (http://www.futuriom.com/articles/news/the-futuriom-syssecops-report/2017/06).
Referred to by some as Systems and Security Operations (SysSecOps), this means that proper systems and data hygiene carries over to security practices. Security of your company’s data and operations is crucial to the future of your company’s brand – and your job. Just ask the former CEOs of Target and Equifax, who got fired by not watching over corporate data.
Certain landmark security breaches, such as the Target breach in 2013, have had an enormous impact on new thinking about IT security practices. It turned out that some of these risks evolved from connected systems, or clouds, that people did not even know existed.
Studying these breaches brings up many questions: How many partners are sharing access to your system? What data is encrypted, and what is not? Do you really know what’s going on in your cloud systems? Since the Target breach, the concept of SysSecOps has risen to the board level and brought security to the fore in planning IT strategy
What’s does this mean for security? As you use the clouds – public, private and hybrid – you need to understand where specific data and applications reside and what this means for you and your customers. What about additional cloud connectivity – sharing data or access with partners, service providers, or consultants?
Securing Data in the Cloud
In the SysSecOps world, new approaches are being made to secure data and applications in the cloud and across various IT silos, whether they be public, private, or hybrid clouds. Security is becoming a cloud system within itself as applications, networks, and compute infrastructure use APIs, AI, analytics, and cloud surveillance to detect anomalies. The cloud system needs to be wired from the ground up for data security and integrity.
To maintain data security and integrity, first you need to know where it is. That means having a grasp of cloud services, applications and data files being used in your organization. Where do the cloud services that your users are accessing reside? Is the data encrypted? If your employees are regularly accessing cloud services, are they using strong passwords?
As the cloud evolves, data security management will be a major focus of end users looking to manage data sprawl. This could be a big driver to the development of more secure private and hybrid clouds, as IT managers address the risk in data portability. It may be that the most secure place for your most sensitive is on premises on an encrypted service. Or at least you need to know that data in transit to the cloud is being protected and encrypted in the cloud.
Security will also be dependent on requirements by industry. Some companies are subject to stricter data governance rules, such as HIPAA (Health Insurance Portability and Accountability Act) and PCI compliance (PCI DSS), which often drives them toward greater control of data, often locking it down in a private cloud. That’s not to say that all public clouds are inherently less secure, as the major cloud services have all taken steps to secure customer data. But security will drive the public vs. private cloud debate forward.
What’s most important for the enterprise IT manager will not necessarily be picking exclusive use of a cloud approach – whether it be public, private, or hybrid – but having a carefully designed architecture that allows manager to understand and control where the data lives when it’s moving between clouds. Certain key security features will be required regardless of the cloud that is used.
As we move forward into the era of data explosions, keeping track of where your data lives and how it moves around your systems will be one of the biggest challenges of the Golden Age of IT.