Loading...
You are here:  Home  >  Data Education  >  BI / Data Science News, Articles, & Education  >  BI / Data Science Blogs  >  Current Article

Why Cyber Security and Data Science Have Similar Problems

By   /  December 1, 2017  /  No Comments

Click to learn more about author David Schlesinger.

To begin with, and I say this being of a certain age myself, most top managers are older people. Being older, many operated during a large part of their business career in a non-computer world. The concept of actually using computer data for business advantage only began recently, and then it had to do with the speed by which mainframes could compute reports that were similar to the ones already done manually. The advantage was speed, which resulted in needing to hire fewer people with sharp pencils.

Over the last 17 years, we have witnessed the emergence of the internet as we know it. Yes, I know it seems like it has been a much longer time than that; but unbelievably, the Internet has not always been with us. (Your children may not believe this.)

In the year 2000, Novell network systems were still migrating to TCP/IP.  Mainframes, seen as problematic during the Y2K era were starting to be pushed aside to make way for the brand-new client/server architecture. Then, the driver was the lower cost of computing: not the value of data.

Thus, we go back to the fact that many senior managers did not observe this perspective change at first hand because they were involved with administering a large company’s operational issues. And while they will agree that high Data Quality and cyber security are good things, in much the same way they may agree that apple pie is a good thing, they are much more familiar with apple pie.

Half the battle is in explaining what we do. Very intelligent, seasoned, senior managers do not fully understand the importance, or the complexities, of Data Science and cyber security.  More than one consultant has discovered that many managers aren’t quite sure what “data” is, but do understand what “information” is.

In a quickly moving marketplace, with disruptive businesses popping up on all sides, a fast, upfront fix for any problem seems the preferred solution. Profound, deep, strategic architectures appear to many of these the senior managers like a luxury they cannot afford. (Although they may afford a corporate jet.)

Indeed, the Project Management Foundation years ago discovered after a comprehensive survey, that of all the software and hardware acquisition projects measured in corporations, half of them never finished at all. And the other half of the projects that were completed, half of those were more than double the estimated cost, and were more than a year late.

What has this to do with Data Quality and Data Protection?  I will come to that.

In the 25% of major projects that were completed but over budget and a year late, it may be, in many cases, where dedicated employees, understanding the reluctance of management to accept actual costs of strategic changes, provided highly optimistic numbers so that the project would be approved. Knowing that in the end, the overruns would be beneficial to the company and its customers.

Is this wrong? I let you decide. But it points out many long-term decisions in computerized environments are unfortunately not always understood by senior staff.  In Star Trek, Captain Picard always understood how the warp converter worked; we are not always as lucky with senior managers in our environments.

Another half of the battle is producing ways to deliver this valuable, high-quality information to the business units securely and then teach them how to use it strategically to their advantage.

The endless dashboards, data links, report pages, and portals that are produced are efforts to deliver comprehensive, accurate data to business leaders so they may better operate within their realm. This is hard work, it is admirable work, but it is not always appreciated by senior managers who, having worked among mainframes, believe these masterpieces of analysis and integration are only simple reports. This is both an age gap and a conceptual gap.

Cyber security, likewise, is a new concept to many senior level managers, most of whom are irritated when their computer performs a security update. I sympathize with them regarding the inopportune schedule of some updates, but only very recently have managers come to understand that cyber security is an essential part of doing business when connected to the global Internet.

The security team in your organization constantly fights precisely the same uphill educational battle as do data professionals. You probably wait in line together outside meeting rooms prior to making presentations, greeting each other pleasantly but not having any idea what the other does, which is unfortunate because you should be mutually supportive. But that’s another blog.

This blog does not offer an amazing miracle solution, but points out why the people working in data and the people working in cyber security both face uphill battles to do the right thing for the company, for the customers, and for the stockholders. Hopefully, as leaders rise to power who perceive quality data as a business accelerant and cyber security as a requirement for all business, companies will become more efficient and better protected.

About the author

David Schlesinger, CISSP, brings 27 years of experience in information technology and data security management to data security. He is certified in cybersecurity and is a past president of the Phoenix ISSA, a security professional association.  David has authored two US Patents for data governance methods that use Metadata classifications to audit and automate user rights and regulatory compliance. His book on finding hidden security and governance gaps in an enterprise, The Hidden Corporation, is published by Technics Publications.

You might also like...

To Get Value from Data, Organizations Should Also Focus on Data Flow

Read More →