IT priorities 2018: Regs, big data, cloud loom large for GRC pros

IT professionals working in compliance and corporate governance appear to be feeling less heat when it comes to allocating time and money to big regulatory initiatives in 2018.

That’s according to findings of the TechTarget IT Priorities 2018 survey: Among the slice of survey takers who reported working in compliance or corporate governance, 40% reported their organization planned to implement a compliance or legal discovery initiative this year, down from the nearly two-thirds of governance, risk and compliance survey takers in 2017 who said they planned to do so.

Experts said the downward trend could be a reflection of companies only wanting to do just enough to remain compliant with relevant regulations, while saving face within their industry and with customers.

“They are still focused on compliance, but they are more focused on how it looks when they say that they are compliant,” said Kevin Johnson, CEO of security consultancy Secure Ideas in Jacksonville, Fla.

Despite the drop, compliance or corporate governance was still the No. 1 priority cited by the survey takers, followed by big data and business analytics projects (32%) and network technology upgrades (25%).

And, according to IT specialists, a strong focus on compliance and other regulatory management duties certainly remains necessary to succeed in today’s global economy.

“Compliance means a lot more today than it did in the past, because the industries are more on the global scale,” said Roy Wattanasin, an information security professional who has worked in the healthcare industry. “A good example of this is GDPR [General Data Protection Regulation], which becomes effective in May 2018. Different legislative bodies are cracking down on companies that are not compliant and adhere to laws.”

Now in its ninth year, the IT Priorities 2018 survey queried more than 1,000 IT professionals about the key application, infrastructure and other tech-related initiatives their companies will be undertaking this year. The respondents represented a wide range of industry verticals based in North America.

TechTarget IT Priorities 2018 survey broad initiatives

Cloud full steam ahead

If your organization operates in an industry where reputation or public opinion are important to your success, then that factors into your decision to do cybersecurity or not.
Reg HarnishCEO, GreyCastle Security

Cloud initiatives also figure large for the 137 survey respondents working in compliance and corporate governance.

When asked which type of data center management projects they expect to deploy in 2018, 51% chose cloud management tools to configure, provision, maintain or adjust cloud resources. This was followed closely by cloud monitoring projects that track and analyze cloud performance (47%).

The trend was not a surprise to Johnson, who said the cloud is an increasingly attractive, viable tech option for industry because of its “cost and flexibility.”

“As new technologies come out, it’s easier for people to deploy them in a third-party cloud system,” Johnson said.

Cloud also topped the list of software initiatives for this group’s 2018 plans, with 35% reporting cloud-based applications will be deployed this year. Rounding out the top three for software initiatives were those geared toward business intelligence and analytics (33%) and big data processing and management (22%).

When asked which cloud-based, software as-a-service applications they expected to implement in 2018, business process management (52%) topped the list, while customer-facing apps were also popular choices: Thirty percent expected SaaS apps would be used for customer experience management, and 36% chose customer relationship management.

Reg Harnish, CEO of GreyCastle Security, based in Troy, N.Y., agreed with the assessment that the cloud remains more popular than ever because of its economic benefits.

“The reason that or businesses and organizations are willing to invest in the cloud now is because it is almost economically negligent to not use the cloud,” Harnish said. “The reality is that the cloud is way, way, way cheaper than trying to do some of the stuff yourself.”

Security anxiety

Securing this cloud data was also a concern: Thirty-one percent of respondents expected to implement a cloud security initiative in 2018. Others factors expected to drive 2018 security initiatives included encryption, data loss prevention, and identity and access management, the IT Priorities 2018 Survey found.

Although IT security projects were a priority for survey respondents, technology pros said it might not be for the reasons many might think: For modern businesses, it’s as much about avoiding a bad cybersecurity reputation as it is about protecting data.

“If your organization operates in an industry where reputation or public opinion are important to your success, then that factors into your decision to do cybersecurity or not,” Harnish said. “It’s still a third party that’s forcing you to do it. You didn’t come up with this, and it’s not your idea; you’re not doing it because of all the right reasons.”

Johnson agreed, noting that businesses are taking cybersecurity more into account during business planning, and security budgets are increasing to reflect the change. However, executives often concentrate on the potential ramifications that come after a breach.

“When I talk to these C-level executives, these boards of directors, one of the main questions they are asking is, ‘How do we handle public exposure?'” he said. “I don’t think it’s bottom line; I think it’s reputation.”

Related:

  • No Related Posts

The State of Big Data 2018

Article ImageBig Data, that corpus of global digital information characterized by velocity, variety, and volume—with contributions from just about every being and machine on the planet—has achieved such a scope and speed of growth that any attempt to quantify it is outdated as soon as it’s measured. If, in the last year, Amazon sold 636 items per second on Amazon Prime Day, YouTube saw 300 hours of video uploaded by users every minute, and Google handled 3.5 billion searches per day, then count on 2018 to bring more of the same.

If 2011 was the year that “data” began answering to “Big Data,” Tamara Dull, director of emerging technologies for SAS’ Best Practices team, says that in 2017, “IoT ripped the ‘big’ right off Big Data’s face.” Dull says, “The story isn’t as much about Big Data, but rather, the Big Data technologies that allow organizations to store and process all kinds of data—structured, semi-structured, and unstructured—at a fraction of the cost and time of traditional technologies.”

That change in emphasis means a permanent shift to figuring out the best way to pull out what’s needed for the people who need it—and doing so in a way that supports their decision making without requiring a data-science degree. It means integrating disparate datasets to create more personalized end-user experiences. As 5G wireless moves closer to fruition, there will be implications for when, where, and how Big Data is accessed by an increasingly mobile userbase. And while pushing data to the edges for faster decision making has its appeal, concerns around data security and privacy abound, especially after a year when data breaches dominated headlines and set consumers on edge.

With Big Data growth getting a boost thanks to such things as your organization’s customer relationship management (CRM), the U.S. president’s Twitter account, and your mother-in-law’s smart thermostat, there’s no time to lose in tackling these challenges.

The Big Data Year in Review

The growth of the Internet of Things (IoT) in commercial and industrial usage is one of the main drivers of Big Data’s expansion in uncharted directions. Stan Lequin, VP of consulting services for Insight, a technology provider of hardware, software, and service solutions to business and government clients, says, “We work with companies that have been around for 200 years, who are now able to pull client endpoint data and analyze it for the first time,” thanks to IoT. “It’s made predictive maintenance and preventative maintenance easier and created new as-a-service possibilities that are entirely new revenue streams.”

Dull sees the IoT having an impact across the board, with manufacturing, transportation, utilities, and healthcare leading the way. She says, “Any organization, regardless of size or shape, can now ask questions like, What does ‘data-driven’ look like for us? What stories are locked inside our data? And can we make money with our data?”

Who gets to dive into the data to answer those questions has changed. “The democratization of Big Data means that we are seeing data push out to the edges,” says Lequin. “Business intelligence for the masses has really picked up over the past year.” He credits an increase in data accessibility within organizations, easier access to external data sources thanks to APIs, and tools that put visualization and analytical capability into the hands of decision makers.

With regard to security concerns in 2017, Dull points out that the devices networked in the IoT don’t necessarily come with robust built-in security, and that puts the onus on consumers. “We can no longer assume that a manufacturer or an app developer is going to do everything they can to make our experience safe and secure. It is now our responsibility as consumers to become amateur security geeks and privacy freaks.” The upside? IoT manufacturers that create safe, secure devices will have a competitive edge.

A Look Ahead at Big Data

Lequin believes that for Big Data in 2018, all the key capabilities are in place, but their adoption and evolution will speed up. “There will be more accessibility; it will be easier to plug in both internal and external data sources—and the database tools with which it’s all done will be easier to work with,” he says. Dull says there’s an urgency to getting the IoT’s contribution to Big Data right. She says, “I’ve been keeping my eye on three ‘S’ developments for IoT: security, standards, and skills. If these three areas don’t get addressed properly—and sooner rather than later—then it’s game over for IoT.”

Personalization will continue to gain importance, according to Craig Smith, CEO and founder of Trinity Insight, an optimization agency that assists ecommerce brands with managing data, digital marketing, and user-experience efforts. “A key part of Big Data is activation in the customer journey,” says Smith. He cites the example of a shopper buying a pair of children’s cleats in-store and providing an email address during the checkout process. Effective personalization might come in the form of an emailed offer for a complimentary ebook on football, a Facebook sidebar ad for football helmets, and a football equipment catalog in the mailbox 12 months later. Due to the complexity of integrating datasets such as account information, web analytics, and search behaviors, Smith says that type of implementation isn’t mainstream yet. “But it will be par for the course in 5 years.”

With the growing importance of mobile usage, all eyes are on 5G, the next-gen network system that will be characterized by higher speeds and capacity and lower latency than existing cellular systems—or at least they should be. “We’re shocked at how much people don’t know about 5G,” says Lequin. “Our expectation is that 5G will be a part of every client conversation we have in late 2019 and 2020. We know it will create a lot more accessibility.”

Finally, Lequin points to one challenge that pre-dates Big Data by approximately 200,000 years: an aversion to change. “Organizations are averse to change; it’s hard to think of as-a-service revenue streams that bring in revenue monthly rather than all at once.” It’s why Lequin says that to get the most value from their Big Data, organizations need one thing above all: blue-sky visionaries who are internal champions and can guide that transformation from analog to digital.

Related:

  • No Related Posts

Free Cyber Warfare and the Laws of War (Cambridge Studies in Internat…

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Related:

  • No Related Posts

What’s new in CCS PU 12.0.1

I do not need a solution (just sharing information)

Symantec Control Compliance Suite 12.0.1: New Capabilities and Significant Enhancements

  1. General Data Protection Regulation (GDPR) Report and Dashboard
    • Flattened GDPR mandate hierarchy (Needs SCU 2017-3)
      • As a Compliance officer, I want to have GDPR mandate to be shown in flat hierarchy.
    • Support for Business Asset
      • As an Information Security User, I want to have capability to group asset as Business Objects and perform various operations on them.
      • To leverage this capability, Customer needs to install hotfix 10102 available on CCS AM 11.1.1.
    • New GDPR reports on Business Asset
      • As a Compliance officer, I want to view GDPR reports on Business Asset. 
    • New GDPR Dashboard
      • As a Compliance Officer, I want to view compliance score of the eco system for GDPR at one place in form of Dashboard.
  2. Feedback incorporation for Modern User Interface (UI) received on CCS 12.0 and Defect fixes
    • New Home Page
      • As the Information Security User, I want Symantec Control Compliance Suite to provide me quick information/health for the eco system along with frequently used links, License Usage and Feature usage on the CCS homepage.
    • Other UI Enhancements as per the feedback received
      • More data/records are displayed in Jobs workspace.
      • You can now collapse the steps view in CER wizard step catalog which provide more space in hierarchy expansion and selection.
      • More space is also available in Asset Select step in the CER wizard.
      • Selected Items section is visible now all the time on CER Wizard.
    • License/Metering changes
      • License metering for MySQL, VMWare and ESXi is implemented.
  3. Out of the box Control Compliance Suite Vulnerability Manager (CCS-VM) Connector
  • As a CCS Administrator, I want to fetch smart rules automatically and test server connection once I provide the CCS-VM Server details.

0

Related:

  • No Related Posts

Fitness Dystopia in the Age of Self-Surveillance

Cybersecurity , Data Breach , Privacy

Fitness Dystopia in the Age of Self-SurveillanceBig Brother, Meet Wearable Fitness DevicesMathew J. Schwartz (euroinfosec) • February 5, 2018

Fitness Dystopia in the Age of Self-Surveillance
Online service providers are increasingly using “big data” analytics of customers’ behavior to market their services. (Source: Spotify)

Orwell got it wrong: We are less likely to surrender our privacy to a totalitarian state than we are to the lure of sharing holiday snaps, cat videos or the route and time you took for your latest cycling, jogging or kiteboarding outing, as captured by a wearable device and fitness app.

See Also:Ransomware: The Look at Future Trends

Unfortunately, such data – published in aggregated, heat map form by Strava, a social network and app for tracking and sharing workouts – has revealed the internal layouts of secret government bases and may pose a risk to groups of users, such as humanitarian workers and members of the military (see Feel the Heat: Strava ‘Big Data’ Maps Sensitive Locations).

“You mean the world can see this?”

Of course, we’re adults. Arguably, privacy and “too much information” tradeoffs are our choice to make.

This Strava heat map reveals the shape of a structure in remote Helmand province in Afghanistan.

But as the Strava saga shows, are we making informed choices? In particular, might an organization’s privacy settings – “privacy zones,” “enhanced privacy zones” and other such nomenclature – be sufficiently complicated that we don’t know what choices would be best for ourselves? Might a data collector such as Strava not understand the societal impact of the collected data becoming public? And might our choices, in aggregate, put some of us individuals at greater risk?

‘Who Hurt You?’

Strava, of course, wasn’t the first product maker or service provider to turn big data gathered from customers toward marketing aims.

Last December, Netflix earned condemnation from some – and light applause from others – after it issued this Sunday evening tweet: “To the 53 people who’ve watched A Christmas Prince every day for the past 18 days: Who hurt you?”

To the 53 people who’ve watched A Christmas Prince every day for the past 18 days: Who hurt you?

— Netflix US (@netflix) December 11, 2017

If you haven’t heard of “A Christmas Prince,” it’s a romantic comedy about an aspiring young female journalist who goes undercover as a tutor to investigate a playboy prince. Apparently, hijinks ensue.

Market to Me, Baby

Even Netflix, however, didn’t invent the “we’ll use your big data in ways to gently rib you while earning a profit from you” shtick.

That marketing award goes to Spotify, which has been gently roasting subscribers’ listening habits since 2016.

Source: Spotify

Again, some see ironic social commentary. Others, however, see an internet-industrial complex that threatens the foundations of our privacy and freedom.

What Big Data Hath Wrought

One upside, perhaps, is that these marketing campaigns demonstrate the types of data that businesses – whether we pay them or not – are amassing on us.

“This gives the public a kind of view into the ways that the major content companies are gathering and using our data,” Jeffrey Chester, head of the nonprofit Center for Digital Democracy, which advocates for consumer privacy rights, told the New York Times last December. “Behind the ease of being able to access video and audio content are very sophisticated customer surveillance and analytics applications, and there’s nothing funny about that.”

Love it when my record player and VCR use their constant surveillance to insult me pic.twitter.com/5T7wgOxvF2

— Parker Higgins, 1337 |-| (@xor) December 11, 2017

Self-Surveillance Regimen

We’re living in an age of self-surveillance.

Source: Spotify

In George Orwell’s “1984,” people were watched by their television. Now, many individuals carry one or more devices that track their location, offer audio and video capabilities, and readily broadcast their personal details across one or more sites. Many of those devices can also track their heart rate while they go about their workout or pursue more private activities.

But heat maps published by Strava and its ilk don’t tell intelligence agencies anything they didn’t already know, says Nick Feamster, a computer science professor at Princeton University and marathoner who extols the benefits such data can provide.

“The map is a public good that allows runners to plan safe routes, discover unfamiliar areas,” he tweets.

‘Strava Theft’

Gathering and publishing such data, however, may have other, unintended consequences.

Users can upload their runs using Strava. Here’s professional runner Allie Kieffer’s 2017 New York City Marathon run; she finished 5th overall.

“Members of the public should take care when using apps such as Strava to ensure they do not inadvertently give away private information and locations,” Sergeant Rob Danby of England’s Humberside Police warned several years ago, saying he’d seen an increase in thefts of bicycles from sheds.

Such reports were not isolated. “Me and a few mates have been targeted and the bikes have been stolen two days ago as a result of tracking our GPS to our homes, if you look at one of your old rides and use satellite image, it will take you [to] your door,” read a 2014 bicycling forum post with “Strava theft” as its subject line.

Many sites allow users to set “exclusion zones” in which their activity will not be reported. But others might still give it away. “Don’t let all your mates ride to yours and set off from there as people will see their tracks converging on your house as it’ll be outside their exclusion zones,” read a response to the “Strava theft” post.

Our Data, Ourselves

Stephen Cobb, a senior security researcher at cybersecurity firm ESET, tells me that the Strava heat map debacle is like a flashback from the start of the World Wide Web, when exuberance sometimes overwhelmed caution.

“Technically it’s cool to swipe the globe, zoom in on data trails. And the app’s features for runners/cyclists are [very] cool,” Cobb says. “But side effects recall early days of WWW: ‘You mean the world can see this?'”

Related:

  • No Related Posts