For Data Security, Catering to the Business Will Be Essential
My two-year-old daughter already knows how to use my phone to play with apps. I did not teach her how to do this, so as I watch in awe, I cannot help but think about how the improvement of security products will now address the transitions we expect in the future.
Until recently, security products were geared toward a unique type of person who was technical, a little paranoid and highly skilled. These products were catered to making everyday tasks easier, more secure and less costly. Data security solutions have provided IT and security administrators with a plethora of controls to protect data privacy, fend off threats to sensitive information and help swiftly pass compliance audits. As these solutions deploy to ever-larger environments and scopes, they do not usually have to incur exploding operational costs.
However, in recent years, I have continued to hear about a few issues on the operations side, including a shortage of skills, stricter or lower IT budgets, increased pressure and scrutiny around compliance and data privacy and increased demand to manage more resources and data.
While these matters have always driven innovation around automation and visibility, they are now also demanding simplification based on the need to do more with less technical skills and the need to assign accountability for data security across the enterprise and at business leadership levels.
It is common for IT operations or IT security to handle the demands of managing data security across the entire enterprise. However, it is more likely now that they no longer own the decision-making process. At the same time, as data privacy and confidentiality become the focus of security, there is a call for better data stewardship at higher business levels, giving rise to new positions such as chief risk officer and chief data officer.
The logical conclusion is that to leverage the value of our data security solutions, we must address usability at the business analyst level. This means creating interfaces and processes that walk the analyst through the decision-making process in their language and at their pace and then translating actionable items for the operational enforcers. This will require better visualization, modeling, impact and predictive analysis, drill-downs, in-context controls, automatic workflows and reporting that covers the entire data security strategy. If we make the governance experience fluid and contextual for business leaders, they will be willing and able to make good decisions.