With cybercrime on the rise globally, will volumes of cloud data drive the adoption of ‘centers of excellence’ to harmonize data protection with new security frameworks?

During this time of massive digital transformation in every sector globally, the corporate CIO, Chief Architect, CISO, and most importantly the CDO have become critical players around the corporate boardroom table responding to serious inquiries. But will there be a time when there is a proactive approach to fighting cybercrime that puts these core technology practices in harmony for the benefit of the individual, corporation, or industry?

Protection of critical corporate information

From a corporate perspective, customer information, financial data, and intellectual property are considered ‘critical information,’ to collect and store as executives make informed business and marketing decisions and gain a competitive edge. The overall protection of these valuable assets has become more vital than ever before.

The majority of corporations have strategic data initiatives in place but the reality is that the average company only analyzes only 37–40% of its data, leaving up to 60% at risk as unstructured and unidentified data. With digital business initiatives generating more and more data than ever before in history, a data-first approach to cybersecurity is more important than ever before.

Innovation is driving security

With the volume of data created by increasing IoT devices on the ‘edge’, mobility will drive crucial sensitive information. Classified as ‘data in motion,’ this increased volume of sensitive information will drive the need for greater security to the edge.

Additionally, application services at the edge, such as biometrics or other forms of verification of identification are essential. Business governance models will further drive edge enterprise security for all IoT and mobile devices as the world moves towards the adoption of digital currencies.

I refer to this as ‘end-to-edge’ frameworks for data, security, and privacy.

The concept of all your information following you in your location with privacy, policy, identity, and potentially a blend of virtual and physical surroundings as you check the time in your ‘smart glasses or clothing’ and ‘see’ virtual sales tags and generate data with every step you take as you shop for the afternoon, creates an uneasiness for most people today.

However, predictive analytics will take on a whole new meaning in the retail sector alone, and both governments and corporations must begin to plan for this challenge ahead with frameworks that will give real-time risk models/assessments and assurances for data collection. In particular, commerce transactions, and lobbyists need to get busy making new laws to address the future.

Today, with the cloud holding 60% of all corporate data, organizations need to adopt a data-first strategy for cybersecurity to proactively detect, sequester, and thwart intrusion. This means focusing on the data itself, not just the borders where attackers are kept at bay. As 6G is adopted, these numbers will increase exponentially. However, ultimately, if data cannot be identified, it cannot be secured.

This is why executives need to agree, and thoughtfully come together to address this issue as industries. This would be supported with standards and will protect valuable data from cybercrime threats, putting harmony into these key disciplines within IT and identifying governance around historical, unstructured, and unidentified data, and finally, agreeing on the risk of not doing so.

As discussed, application services at the edge, such as biometrics or other forms of identification, will become an essential way of life and as we move forward with large-scale digital transformations, the programs will be inclusive of all levels of government, banking services, and telecommunications, including data collection, and privacy laws which will increase these demands even further.

The infrastructure of the very near future will see data collected in real-time on the edge with mobility and connected sensors and other IT/OT devices in unprecedented volumes, as ‘smart cities’ or ‘campus environments’ become the norm. This will exceed today’s capacities as we move to 6G to accommodate the volumes of data. Ultimately, everyone has to agree that it is critical to protect all data from cybercrime threats.

However, to accomplish this, boards and technology leadership need to adopt a data-first strategy for cybersecurity, focusing on the data itself in harmony with security and ensuring full visibility of ‘all’ data in motion with new frameworks and privacy laws in place. Identifying and defining all the components will be a massive undertaking inside an enterprise architecture program, in lock-step with the adoption of digital identity, smart contracts, and digital banking systems.

Even though corporations have security programs in place already, the establishment of centers of excellence (COE) in data and security governance models will create the expected security service levels required to allow for the wide-scale adoption of digital transformation. This can address the inherent risk of being connected to personal, corporate, and public networks.

Therefore, the blending of practices of Enterprise Architecture, Security, and Data and Governance models for both future data and historical data need to be addressed in a formal COE Program. This will ensure that expectations at the board level, and practical project levels are both met, for timely and efficient progress of projects and ongoing activities. Architecting for this level of granularity should be the rule, not the exception, as artificial intelligence and IoT devices will continue to drive data volumes and risk up.

The Board Buy-in

Further, the corporate board’s understanding of the relevant cyber security programs should be addressed by an internal executive corporate authority, a CISO, in the realm of board-related activities. This is because the ultimate accountability rests with the CEO to answer for all security-related issues, as serious data breaches have now delivered the message to the boardroom that being ‘unaware’ is no longer an acceptable answer when it comes to matters of privacy and policy of all corporate data.

The bottom line is that the escalations of data breaches globally now demand a seat at the executive board table along with full visibility to understand the risks therein. Customers, collaborators, industry, and supply chain alike will expect this level of commitment, with solid practices and frameworks in place to govern.

About the Author

Based in Calgary, Alberta (Canada), Michele Taylor brings a diverse range of experience within the disciplines of consulting, business development, education, and market development. Currently, she is the appointed CEO of Sovereign Technology & Power Corporation focused on the integration of power and technology solutions globally with high ESG energy sources and industrial enterprise-grade digital identity and cyber security programs, in support of new digital banking transformation programs globally.

Prior to launching IQM’s Enterprise Architecture & CIO Advisory Practice in 2004, her roles included Principal Consultant, Account Manager, and Managing Director with international and domestic technology recruiting, consulting services, advisory and research firms, such as IBM Education, META Group Technology Research & Advisory (Gartner), GSI Group, and C-Bridge Solutions (an MIT Start-up) and Capgemini.

Taylor’s focus has been on transformation for C-Suite, with a heavy focus on CIO, CTO, CISO, and Chief Architects.