Facts, risks, and opportunities: The explosion of data about us and our companies
Sponsored by EMC, a new study by IDC called “Extracting Value from Chaos” surfaces interesting facts, risks, and opportunities. EMC has issued a related press release with their view of the results. The more complete view is in a PDF summary from IDC and the complete multimedia version, which EMC calls an iView.
As usual, I have extracted comments from the report and added my own views.
The first thing to consider is how the expansion of the ‘digital universe’ is accelerating. This picture from the PDF summary shows how it has expanded over the last few years (expected to surpass 1.8 trillion gigabytes this year, up 900% in five years) and where it is projected to go in the next few.
A Decade of Digital Universe Growth: Storage in Exabytes (Source: IDC’s Digital Universe Study, sponsored by EMC, June 2011)
- “While 75% of the information in the digital universe is generated by individuals, enterprises have some liability for 80% of information in the digital universe at some point in its digital life.”
- “The number of “files,” or containers that encapsulate the information in the digital universe, is growing even faster than the information itself”
They make two critical statements, each of which should make any risk, security, or audit professional think. I have added emphasis:
- “Less than a third of the information in the digital universe can be said to have at least minimal security or protection; only about half the information that should be protected is protected.”
- “The amount of information individuals create themselves — writing documents, taking pictures, downloading music, etc. — is far less than the amount of information being created about them in the digital universe.”
Both as individuals concerned with public information about our personal lives, and as professionals concerned with privacy and protection of confidential information, we should be concerned.
- Are we aware of the information about us as individuals that is publicly available? Consider this recent Mercury News article?
- Does our organization make available any information about individuals – either directly or through partners? Are relevant risks identified and managed?
- Does the organization have adequate controls and security to protect its information assets, in all forms and locations (e.g., where information is stored on mobile devices like iPhones and iPads)? Do those responsible for IT security stay current on where those assets are?
To quote from the PDF:
The frightening realization is that the amount of information that needs to be secured is growing faster than our ability to secure it as employees leverage more mobile devices, consumers knowingly (and unknowingly) share more personal data, and companies find new ways to mine this data.
One other vital point is made, and made well:
In an information society, information is money. The trick is to generate value by extracting the right information from the digital universe — which, at the microcosmic level familiar to the average CIO, can seem as turbulent and unpredictable as the physical universe.
In fact, thanks to new tools and technologies, and new IT and organizational practices, we may be on the threshold of a major period of exploration of the digital universe. The convergence of technologies now makes it possible not only to transform the way business is conducted and managed but also to alter the way we work and live.
There is more, notably about cloud computing and the implications for data center managers (an understandable focus for a storage company) of so-called big data. I will let you absorb those and concentrate on a discussion of the quote above.
Information is money and new technology enables us to access massive volumes of real-time data and convert it into useful information. At the same time, advances in mobile technology are enabling companies to move enterprise applications to phones and tablets – which can change the way people work and create a need to review and re-engineer business processes.
We now have the ability to query billions of real-time records, both within enterprise applications and on the internet, to understand performance, monitor risks, and identify trends, etc. Those queries can be completed in seconds with the latest in-memory technology. Two relevant quotes:
New capture, search, discovery, and analysis tools can help organizations gain insights from their unstructured data, which accounts for more than 90% of the digital universe. These tools can create data about data automatically, much like facial recognition routines that help tag Facebook photos. Data about data, or metadata, is growing twice as fast as the digital universe as a whole.
Business intelligence tools increasingly are dealing with real-time data, whether it’s charging auto insurance premiums based on where people drive, routing power through the intelligent grid, or changing marketing messages on the fly based on social networking responses.
I was on a panel that discussed IT risks at the IIA International Conference in Kuala Lumpur last week. I commented that perhaps the greatest IT-related risk was that our organization would not take advantage of the new technology while a competitor did. While we worried about risks, the competitor reaped the rewards.
This is how the PDF closes, with emphasis added:
The combination of post-recession business growth, a technology renaissance, and the growth of the digital universe this next decade creates a once-in-a-career opportunity for CIOs and their staff to drive change and growth for their organizations. The growth of the digital universe may be a challenge, but it is also a propellant for new and exciting uses of data.
Do you agree? Can we take the risk of not using the data to run our business better?
Recent Posts on this Blog
- Risk and Culture December 9, 2016
- New guidance on operational risk December 3, 2016
- Why do so many practitioners misunderstand risk? November 26, 2016
- A new front opens in the SOX battle November 20, 2016
- Internal audit reports do the function a great disservice November 12, 2016
- My new book on Auditing that Matters is available November 9, 2016
- Time for a leap change in risk management guidance November 5, 2016
- Cyber security and the board October 29, 2016
- The biggest obstacle to effective risk management October 28, 2016
- A revolution in risk management October 22, 2016
- Why do people commit fraud? October 14, 2016
- What could go wrong with strategy and its execution? October 6, 2016
- Is a new maturity model for GRC the right model? September 25, 2016
- The Wells Fargo “Staff Scam”: More questions and fewer answers September 16, 2016
- The astonishing Wells Fargo fraud September 10, 2016
- How Much Cyberrisk Should We Take? December 9, 2016
- Do We Know How to Audit Technology-related Risks? December 5, 2016
- The State of Information or Cybersecurity November 28, 2016
- Back to the Future for Internal Audit November 21, 2016
- How Do You Change the Culture of the Organization? November 15, 2016
- Why Does ERM Fail So Often? November 7, 2016
- Incentives and Ethics: Transparency International Speaks Out October 31, 2016
- A COSO Gem Helps Assess Risks and Related Control Deficiencies October 25, 2016
- Focusing on the Wrong Line of Defense October 17, 2016
- Internal Audit and the Internet of Things October 10, 2016