Data is an increasingly valuable currency for organizations and according to Michelle Dennedy, Chief Privacy Officer for Cisco, “We are entering an age where enterprises are effectively data bankers.” This is particularly true of organizations driving disruptive business strategies.
According to Jeanne Ross of MIT CISR, there are two types of digital disruption taking place in enterprises today – customer engagement and value-added digital business services. Disruptors in these strategies use data to change either how they engage customers or what value can be extracted by customers and thereby how revenue is obtained. For the latter, consider what GE has done to change its business model by moving from equipment to services.
When you put data at the center of an organization’s business strategy, you fundamentally change its business. Chief Information Officers (CIOs) see the insights extracted from this data as either the gold at the end of the rainbow or as the muscles needed to compete but tangible business value is created here regardless of which digital strategy your organization is pursuing.
Think, however, about the impact to customer experience if you do not protect the privacy of those that are in a customer insights database. Clearly, as you put together more of your customers’ digital lives for omnichannel marketing, the risk of unauthorized access to customer data only increases. At the same time, when data itself becomes the product there is real risk to its value if what you are charging for becomes released for all to see.
The economic impact of either loss is significant meaning that digital disruptors need to put real attention and dollars into protecting their data directly. In fact, one banking CIO has suggested that Fintech startups do not have the resources to compete against major financial industry incumbents at protecting data. They cannot afford to do what the majors do and this CIO suggests that as a result, protecting data can even be a go forward competitive advantage.
With sensitive data always at risk of a potential attack, those in charge of digital strategies are waking up to the need to adopt more rigorous policies and capabilities to protect data as it moves from being a corporate asset to a foundational business capability. The goal should be to stop targeted cyber-attacks from creating data losses of “the gold at the end of the rainbow” that drives customer engagement and value add digital businesses.
In order to do this, CIOs and Chief Information Security Officers (CISOs) tell me that the emphasis needs to move from the application to the data touch points and that this requires data security to be baked in from the start. CIOs say security today needs to be systematic, with the ability to centrally govern and audit data access, and enforce protection policies across every location that data flows – at rest, in motion, and in use.
This is essential regardless of the nature of data (structured, semi-structured and unstructured) and irrespective of how it is stored (traditional database, big data file system and cloud based BI applications). This is a big change in approach for many but according to experts like Michelle Dennedy, Cisco’s Chief Privacy Officer, it is truly ‘next step’ because it protects the value.
I am not sure if every organization thinks this way but Dennedy’s Privacy Engineer’s Manifesto (yes, there are two other authors and many notable contributors) suggests that privacy and data protection needs to be “purposely architected” into the systems that run today’s enterprises. Doing this clearly matters where customer satisfaction is an imperative or regulatory pressures exists, which suggests that as the information age has progressed, what is needed to protect privacy and data has also progressed. The below chart summarizes the Privacy Engineer’s Manifesto argument here:
The move to the right has needed to occur because people, devices, and systems “seamlessly make handshakes, connect, and process information.” In this environment, the only way to protect sensitive information according to Dennedy, is to protect data itself rather than the things that surround it. Data-centric and person centric protection requires a “proactively engineered systems architecture”.
Clearly, data is foundational to digital disruption. For this reason, getting data protection right should be part and parcel of digital disruption strategy and to me this starts by maturing from perimeter and identity security to data and person centric security. This is how you can reduce risk and use policies to govern security. To learn more about data centric security, I have attached three assets for your review and a link to Dennedy’s Manifesto.
Learn more about managing enterprise data security