It’s no surprise that we have seen a nearly constant march toward a highly connected digital world. We are all witnesses to this accelerating digital evolution. It is happening right before our eyes — sometimes quite literally right in front of our eyes, with technologies such as cyber eyeglasses.

There is also a continuous stream of discourse on both the positive and negative aspects of this digital revolution. Many laud detailed, insightful solutions such as IBM Watson for the tremendous benefits they bring to the health care industry. This acclaim contrasts with health concerns related to the extensive use of certain technologies, such as cellphones.

Very few of these discussions, however, have focused on the disconnect inherent in the digital ecosystem. These inconsistencies can create concerns related to information security, privacy and compliance.

Connecting a Fragmented Digital World

In any major evolution, there are always going to be gaps in the desired or even expected connections. The aggressive move toward train travel in the 19th century had a signature moment in the U.S. when the transcontinental railroad was completed in 1869. During this time, however, there were still some 20 different rail types that would necessitate difficult transitions for people and goods traveling around the country.

The ongoing transformation to a digital world is no exception, and there are certainly myriad disconnects to be found. We will focus on several key areas in which these disconnects may present issues related to security and compliance.

Communication From the Top-Down

Let’s start at the top — in this case the top of the organization. Business leaders indicate the importance of security and compliance to the organization in a variety of ways. Common vehicles include periodic communications, general conduct guidelines for members and specific policies related to information security.

Is there consistency in the messages transmitted to different levels of the organization? Does everyone buy in to the level of importance? In practice, does the behavior of the organization differ in substantial ways from the overall goals of the enterprise? The answers to these questions can help IT leaders identify material disconnects.

To cite an example from our daily life, I’m sure most people understand the need to drive cautiously and at appropriate speeds. Everyone knows the posted speed policy, and yet many drivers exceed the limit. A comparable example in the enterprise IT world would be a policy requiring the encryption of all confidential data at rest. Some employees might ignore this standard due to the increased complexity and other performance factors that might result from full compliance with the policy.

Contract Negotiations

Another area that could present substantial gaps is formal contract negotiations between parties. A great deal of effort is put into establishing a contract that protects the interests of both parties, and there are often specific requirements related to the protection of information and services.

However, it is not always straightforward to accurately translate all the applicable contract provisions into actionable policies and procedures for a particular IT deployment. Also, there may be several layers in the organization between those who negotiate the contract and those who interact directly with the data and services. Do the people in charge of implementation and operation understand all the relevant IT security provisions of the contract? In practice, does the environment provide the necessary protections?

Policy and Tools

How about an example from an area that is near and dear to many IT practitioners? That is, the availability of tools that effectively and efficiently support policy rules. Creating good information security policies is certainly hard work, but it is often easier to get the new policy down on paper than it is to acquire, develop, deploy and migrate to tools that can operationally support new policies. This disconnect can lead to additional cost, complexity and inconsistencies in security posture within the organization.

The example above is related primarily to privacy, security and compliance tools, but what about the solutions we utilize each day to get things done, both in our professional and personal worlds? Are there situations in your organization that present gaps in a consistent security posture? Do certain solutions involve stringent controls while alternate, approved solutions have lax controls? Perhaps your organization has specific policies regarding the protection of confidential data in enterprise-provided tools, but the bring-your-own-device (BYOD) option and related services present opportunities to overlook or bypass controls.

Information Blindness

Ironically, the continuous stream of digital information itself can create a dissociative effect. Digital feeds such as social media, email, enterprise messaging and collaborative communities inundate individuals to the point where they become info-blind. People are unable to recognize the important slivers of information within the digital landscape before them.

How many helpful informational messages are sent in your organization each day, week and month? Are personnel now in the habit of simply filing these away or deleting them before absorbing what may be an important security item? In the same way that startups and DevOps talk about the minimum viable product (MVP), as described in “The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses,” by Eric Ries, perhaps we need something akin to a minimum viable digital insight for security.

Individual consumers of information may want to check out “The Information Diet: A Case for Conscious Consumption,” by Clay Johnson, for thoughts on managing the digital flood.

Mind the Gaps in Your Digital Transformation

I’m looking forward to a time when more IT security professionals can make use of newly available solutions that deliver greater levels of awareness, deep insights and subject matter expert (SME) augmentation, which can dramatically increase an organization’s security posture.

Solutions such as IBM Watson Security for Cyber Security and the new IBM Machine Learning offering depend on extensive data feeds from the digital world. They may even be able to identify certain gaps in privacy, security and compliance, but there will always be a set of disconnects that we need to identify through a variety of other means. As we keep moving forward with our digital, always-on evolution, we should always remember to mind the gaps.
