Is the term data protection anachronistic?
The only real constant in the technology industry is change, and that change has been accelerating rapidly and is now poised to explode. During the many transformations that have occurred in the industry, legacy terms well known for one thing lose favor or actually wind up adding confusion rather than clarity to the discussions.
Business intelligence, for example, was a well-known term that seemingly addresses what analytics, cognitive computing and machine learning deliver better today than when the term gained broad adoption 20 years ago.
Distributed computing crystallized the value of minicomputers as a way to move computing out beyond glass walled mainframe estates. Engineering wise, it is what we do at the so-called “edge” today as well as on chipsets deployed in endpoint devices.
And data protection is the new term to wind up sounding anachronistic in our current conversations. Data protection historically meant protection from loss or theft. Today’s data protection has to include exposure of that data in the normal course of business that does not violate privacy as well.
Historically, data protection was generally left to IT administrators to determine. However, data privacy and the attendant impact on brand image have changed that dynamic, leading TBR to say that data protection has changed from a boiler room to a board room decision. This implication was on full display during a PwC Risk Assurance event attended by TBR in April 2018 where the conversation in the buffet lines at lunch centered on Facebook CEO Mark Zuckerberg’s congressional testimony taking place at the same time. No corporate executive wants to have to testify before Congress about topics violating their customer trust.
Furthermore, virtualization makes the concept of a security perimeter for protecting data seem archaic given data sits literally everywhere. Defending the data center has given way to securing the persona, with individuals having multiple personas across multiple work and personal access points.
What, then, should be the all-encompassing term to address the broader context of what it means to protect data?
In custom projects around this topic, TBR spends a great deal of time and attention to parse out definitions at the onset of the research. In TBR’s point of view, historical data protection remains a vital pillar within the overall context of data stewardship. If data is the new oil, then managing, protecting and leveraging that data drive the business.
- Managing data implies to TBR the establishment of the global business rules and company governance models. Governance extends beyond the traditional requirements of regulatory compliance to incorporate the corporate risk appetite for exposing data for different use cases. Integral to this is the permissioned access to data users and the permissioned exposure of the different data suppliers, most notably customers.
- Protecting data addresses all the traditional elements associated with the legacy term data protection.
- Leveraging data is the delicate balance of the business management team. On the one hand is the revenue lift that can come from infusing a business action with data mapped back against the risk to the business of exposing that data in that particular use case. Here is where the board room leadership makes the business judgment calls in the data economy, and hence why TBR states that data protection as we knew it has shifted from a boiler room to a board room decision.
Leave a Reply
Want to join the discussion?Feel free to contribute!