Editor’s note: This article will be published in an upcoming issue of the University of Maryland, University College’s Achiever magazine, which features stories on students, faculty and alumni.
Big data–a dream or a potential nightmare?
The amount of information about us as individuals, the products we purchase, the processes we utilize and the businesses that surround us has grown exponentially. At present, we generate more data every two days than we did in aggregate from the dawn of early civilization through the beginning of the 21st Century. Moreover, this information explosion continues to accelerate each year by 40%. This is called the “Big Data Revolution“ and it is not only big volume, it's also big in variety and velocity–meaning different types of data from flat files to streaming video and at a wide range of input speeds and refresh frequencies. Big Data has very big implications for business.
Big Data offers a company new potential to enhance its value across entire product and service lines based on advanced analytics of these large, diverse, and constantly changing data sets. For example, airlines can dynamically optimize fares based on customer preferences, behavior, and sentiment; electric utilities can optimize power generation and distribution based on consumer needs and living habits; and, hospitals can better understand the impact of treatment protocols over a larger population of patients rather than a small sample from an individual doctor or their practice.
Along with new business opportunities, some daunting questions exist around data rights and data ownership and it will likely take some time for a consistent legal framework to emerge. However, in the interim and under any legal circumstance envisioned, companies will continue to have a responsibility to protect private, personal, and sensitive corporate information. In this regard, corporate leaders must know the answer to several key questions: Where does your company stand amongst your peers with respect to data security? Are you leading with best practices or grossly lagging behind? Do you understand and appreciate your liability for any deficiencies? Do you have a plan to address those deficiencies?
Because the cyber threat environment is rapidly advancing, traditional security methods are not only expensive; they simply don't work. Attack surfaces, the ways a company's data can be exploited, are increasing at a time when the attack methods are becoming more sophisticated. Responsible corporate leadership needs to understand their attack surface and the effectiveness of their security measures. We have found many companies are not getting the most for the dollars invested and even found some companies spending much more than their peers with far less results. Since there are no absolutes in security, peer benchmarks provide the best measure to determine how a company is doing in this regard.
Companies need to think and act differently to get the most for their data security investment. This includes a new era of collaboration with competitors. Every enterprise needs to understand the risks they are assuming and what they are mitigating relative to each other. Companies that lead in this area will be advantaged as “trusted partners“ or “trusted providers.“ This helps sales and customer retention as it is seen as a differentiating benefit by most stakeholders. It will also help companies in defense of certain legal cases in the event of data spills, insider disclosures, or remote data theft or destruction.
Collaboration allows companies to create reasonable standards that could stave off more onerous regulation by the Government. A Presidential Executive Order currently being drafted by the White House mandates regulation fill the void if industry does not step up. It also addresses the value of information sharing with an industry and between Government agencies and suggests an enabling framework to proceed. Most beltway insiders expect this Executive Order to be implemented.
In his best-selling book “Megacommunities“, Gerencser argues that public, private and civil sector leaders must unite to address the world's most pressing problems.
While information sharing and collaboration has proven to be a valuable tool in cyber security; organizations can go further and identify where security investment and capabilities could be shared. For example, the electric utility sector could develop a cooperative to monitor and identify imminent attacks on the power grid. With such an approach, the utility could spend less on static security and focus resources dynamically when and where they are needed. While proven effective, an indication and warnings and dynamic response (IWDR) capability is often not affordable by any one company; however, a shared cost approach provides participants with high value at a significantly reduced price. Our experience shows that once an IWDR capability is established, adding companies in the same industry category (for example, transaction oriented companies like banks, or supply chain oriented companies like an auto manufacturers) increases the value at only a slight increase in operating cost. This makes a community or shared services approach practical, affordable, and effective for any individual company.
In the era of the Big Data, corporate leaders and boards have new business opportunities along with a new set of responsibilities. The opportunities will vary greatly by industry but the new responsibilities are fundamentally the same: the protection of personal, corporate, and sensitive data. Companies need to know where they stand amongst their peers, they need to have a plan to improve their data security, and they should look to a community approach to create standards and share the cost burden for meeting those standards. Data security approaches need to shift from the expensive static approaches of the past to the more cost effective dynamic approaches of the future like shared IWDR capabilities. The market will ultimately sort out those companies who capitalize on the opportunities and take the necessary data security steps from those that do not.