Maybe it sounds too “meta,” but we should be able to use technology to solve technology problems.
I had an opportunity today to give the keynote speech at a customer event hosted by Forsythe Technology Canada. Given the company’s focus areas, I was asked to discuss what I saw as future trends in security and storage. Those are obviously topics where you could cover a lot of ground, but I tried to stick with what I thought was most important: the lack of interest or obedience around security policies, the unaddressed need to explore long-term data archival, and the absolute lack of analytics being brought to bear.
This was my rationale: we know that users tend to ignore a lot of IT security policies because there is a scarcity of data available about the vulnerabilities, the history of attacks of data loss in a given firm and what has worked in the past. Job one, in other words, is for IT departments to not simply spend more money on intrusion-detection mechanisms (although they need to do that), but start doing a self-evaluation of their IT security posture. Only once they can confidently assess the number of incidents they have endured, the business impacts it has had and the most challenging areas of vulnerability will they be able to move to a more proactive approach.
Once they have that data – perhaps complimented by third-party information on attacks and vulnerabilities in other companies, industries or geographies – they’ll have to make sense of it all. Business intelligence (BI) software to date has primarily been aimed at pouring through sales transactions, customer records and so on to assist marketing departments, sales units and occasionally finance departments to better allocate their resources and develop strategy.
Think about how BI could be used to leverage security and storage data. Finally, you’d be able to paint a realistic picture of how much data loss really costs the company, or what the opportunity costs are that come from having to deploy so many people on the IT team to responding to Patch Tuesday. You’ll be able to look at the overall volumes of storage in your company and be able to gauge whether the masses of information sitting in various repositories are actually fuelling growth or taking up space.
Analytics become even more interesting when they become predictive. If there’s one area I’d imagine more companies would like to be able to predict the future, it’s when the next employee is going to turn rogue and tamper with enterprise systems. It’s being able to know how quickly the IT department will be able to respond to the next botnet. BI capabilities could certainly help IT managers do a better job of projecting their budgetary needs around security and storage, too.
BI, ultimately, is about making better decisions. Security and storage are two of the biggest areas where decision-making could be improved. Time for someone to take this idea and run with it.