Risk Management

Obstacles to Protecting Data Abound

CFOs should apply a similar degree of governance over their organization’s proprietary knowledge as they would over an individual’s personal data.
Rob Livingstone, October 24, 2013

While the digital landscape continues to evolve, information-security controls are constantly being tested. Generally, an individual’s rights to online privacy are protected by some form of legislation in most countries. As a result, organizations that store and manage an individual’s personal information know they are required to follow a country’s privacy legislation.

However, these rights are being tested. Today, the digital privacy debate is about who gets to own the individual’s online lifestyle patterns.

First, we have regulators who are passing laws aimed at protecting the individual’s rights to privacy. For example, look at the Australian Government’s revised privacy legislation coming into effect in March 2014 and the European Union’s privacy legislation revamp.

Second, we have those looking to monetize the individual’s digital-lifestyle patterns, supported by technologies such as big data. These companies include Google, Microsoft, Amazon and Facebook, all vying for a slice of the $117 billion annual spend on digital advertising.

Third, we have the global ecosystem of security and related agencies, which remain invisible and seem to act with relative impunity. The much publicized PRISM debate over the U.S. National Security Agency’s covert surveillance is one such example.

From a legal standpoint, the corporation is treated as a person as well. An individual’s right to privacy is similar to a corporation’s right to protect its proprietary knowledge. Corporations that do not handle or store individuals’ information may feel justified in adopting a less rigorous information-security position. After all, governance costs money.

The unauthorized use of either the individual’s private information or your organization’s sensitive information can result in significant damage. From the individual’s perspective, this damage could range from minor financial fraud to total identity theft. For the corporation, the impact of the accidental loss or deliberate theft of proprietary knowledge could vary from the trivial to the ultimate failure of the company. The gradual demise of the once-substantial Nortel at the hands of Chinese hackers is a case in point.

Keep an eye on your data slum

Large amounts of unstructured data, typically in the form of spreadsheets, Word documents and emails, form in messy, unplanned data slums. In the wrong hands, the information contained in this unstructured data could be worth far more than the structured data contained in your enterprise transactional systems. It is often this unstructured data that contains the rationale for your executive decision-making, organizational strategies and investment plans.

Cloud and mobile computing, both rapidly adopted, are relevant examples of technologies where the physical location of the production data center may not be known with absolute certainty. Global providers use geographically diverse data centers in different countries to minimize the risks to an organization’s IT systems from natural or man-made disasters. While the location of your production systems may be known with certainty, do you know where the backup and related storage media reside and how they are protected?

When it comes to cloud computing, you are reliant on the security controls of the service provider. The reported security problems faced by Dropbox are one example of the potential challenges of cloud computing for CFOs concerned about competitive information retention.

The reality is that the digital world is increasingly borderless. Treat it as such when it comes to protecting your organization’s key knowledge assets that are held in digital form. Test assumptions and validate claims made by technology evangelists as to the applicability of a particular technology offering.

Rob Livingstone, a former CIO, is the author of Navigating Through the Cloud. He runs an IT advisory practice and is also a Fellow at the University of Technology Sydney (UTS), Australia, where he teaches strategy and innovation in UTS’s flagship MBITM program. Subscribe to Rob’s monthly insights newsletter at www.rob-livingstone.com or email him at [email protected].