Facts, risks, and opportunities: The explosion of data about us and our companies
Sponsored by EMC, a new study by IDC called “Extracting Value from Chaos” surfaces interesting facts, risks, and opportunities. EMC has issued a related press release with their view of the results. The more complete view is in a PDF summary from IDC and the complete multimedia version, which EMC calls an iView.
As usual, I have extracted comments from the report and added my own views.
The first thing to consider is how the expansion of the ‘digital universe’ is accelerating. This picture from the PDF summary shows how it has expanded over the last few years (expected to surpass 1.8 trillion gigabytes this year, up 900% in five years) and where it is projected to go in the next few.
A Decade of Digital Universe Growth: Storage in Exabytes (Source: IDC’s Digital Universe Study, sponsored by EMC, June 2011)
- “While 75% of the information in the digital universe is generated by individuals, enterprises have some liability for 80% of information in the digital universe at some point in its digital life.”
- “The number of “files,” or containers that encapsulate the information in the digital universe, is growing even faster than the information itself”
They make two critical statements, each of which should make any risk, security, or audit professional think. I have added emphasis:
- “Less than a third of the information in the digital universe can be said to have at least minimal security or protection; only about half the information that should be protected is protected.”
- “The amount of information individuals create themselves — writing documents, taking pictures, downloading music, etc. — is far less than the amount of information being created about them in the digital universe.”
Both as individuals concerned with public information about our personal lives, and as professionals concerned with privacy and protection of confidential information, we should be concerned.
- Are we aware of the information about us as individuals that is publicly available? Consider this recent Mercury News article?
- Does our organization make available any information about individuals – either directly or through partners? Are relevant risks identified and managed?
- Does the organization have adequate controls and security to protect its information assets, in all forms and locations (e.g., where information is stored on mobile devices like iPhones and iPads)? Do those responsible for IT security stay current on where those assets are?
To quote from the PDF:
The frightening realization is that the amount of information that needs to be secured is growing faster than our ability to secure it as employees leverage more mobile devices, consumers knowingly (and unknowingly) share more personal data, and companies find new ways to mine this data.
One other vital point is made, and made well:
In an information society, information is money. The trick is to generate value by extracting the right information from the digital universe — which, at the microcosmic level familiar to the average CIO, can seem as turbulent and unpredictable as the physical universe.
In fact, thanks to new tools and technologies, and new IT and organizational practices, we may be on the threshold of a major period of exploration of the digital universe. The convergence of technologies now makes it possible not only to transform the way business is conducted and managed but also to alter the way we work and live.
There is more, notably about cloud computing and the implications for data center managers (an understandable focus for a storage company) of so-called big data. I will let you absorb those and concentrate on a discussion of the quote above.
Information is money and new technology enables us to access massive volumes of real-time data and convert it into useful information. At the same time, advances in mobile technology are enabling companies to move enterprise applications to phones and tablets – which can change the way people work and create a need to review and re-engineer business processes.
We now have the ability to query billions of real-time records, both within enterprise applications and on the internet, to understand performance, monitor risks, and identify trends, etc. Those queries can be completed in seconds with the latest in-memory technology. Two relevant quotes:
New capture, search, discovery, and analysis tools can help organizations gain insights from their unstructured data, which accounts for more than 90% of the digital universe. These tools can create data about data automatically, much like facial recognition routines that help tag Facebook photos. Data about data, or metadata, is growing twice as fast as the digital universe as a whole.
Business intelligence tools increasingly are dealing with real-time data, whether it’s charging auto insurance premiums based on where people drive, routing power through the intelligent grid, or changing marketing messages on the fly based on social networking responses.
I was on a panel that discussed IT risks at the IIA International Conference in Kuala Lumpur last week. I commented that perhaps the greatest IT-related risk was that our organization would not take advantage of the new technology while a competitor did. While we worried about risks, the competitor reaped the rewards.
This is how the PDF closes, with emphasis added:
The combination of post-recession business growth, a technology renaissance, and the growth of the digital universe this next decade creates a once-in-a-career opportunity for CIOs and their staff to drive change and growth for their organizations. The growth of the digital universe may be a challenge, but it is also a propellant for new and exciting uses of data.
Do you agree? Can we take the risk of not using the data to run our business better?
Recent Posts on this Blog
- Is a new maturity model for GRC the right model? September 25, 2016
- The Wells Fargo “Staff Scam”: More questions and fewer answers September 16, 2016
- The astonishing Wells Fargo fraud September 10, 2016
- Leading an effective information security capability September 4, 2016
- Have your provided comments on the COSO ERM draft? August 31, 2016
- How to do your internal audit risk assessment August 27, 2016
- Do techies really understand cyber risk? August 20, 2016
- Continuing to learn about culture from Toyota August 13, 2016
- The danger of an arrogant board August 7, 2016
- The Board and Technology: Questions to ask the management team July 31, 2016
- IIA Insights on Internal Audit Effectiveness July 22, 2016
- Deloitte predicts change for Internal Audit July 20, 2016
- Risk and Opportunity Management July 2, 2016
- Risk reporting to the Board June 26, 2016
- We need to review and provide feedback on the COSO ERM Exposure Draft June 19, 2016
- Fraud, Abuse, and Corruption September 26, 2016
- Reconsidering the Board: Its Composition and Oversight of Management September 19, 2016
- Time for the Board to Take a Deep Dive Into Risk Management and Risks September 12, 2016
- Oversight of the External Auditor September 6, 2016
- Signs of a Failing Board August 29, 2016
- Contrasting Comments on Internal Audit From a CAE and a Consultant August 23, 2016
- Asking the Tough Questions About Internal Audit August 15, 2016
- When Risk Management Fails August 8, 2016
- An Internal Audit Ambition Model August 1, 2016
- Understanding and Assessing Governance Risk July 25, 2016