It’s no surprise that we have seen a nearly constant march toward a highly connected digital world. We are all witnesses to this accelerating digital evolution. It is happening right before our eyes — sometimes quite literally right in front of our eyes, with technologies such as cyber eyeglasses.

There is also a continuous stream of discourse on both the positive and negative aspects of this digital revolution. Many laud detailed, insightful solutions such as IBM Watson for the tremendous benefits they bring to the health care industry. This acclaim contrasts with health concerns related to the extensive use of certain technologies, such as cellphones.

Very few of these discussions, however, have focused on the disconnect inherent in the digital ecosystem. These inconsistencies can create concerns related to information security, privacy and compliance.

Connecting a Fragmented Digital World

In any major evolution, there are always going to be gaps in the desired or even expected connections. The aggressive move toward train travel in the 19th century had a signature moment in the U.S. when the transcontinental railroad was completed in 1869. During this time, however, there were still some 20 different rail types that would necessitate difficult transitions for people and goods traveling around the country.

The ongoing transformation to a digital world is no exception, and there are certainly myriad disconnects to be found. We will focus on several key areas in which these disconnects may present issues related to security and compliance.

Communication From the Top-Down

Let’s start at the top — in this case the top of the organization. Business leaders indicate the importance of security and compliance to the organization in a variety of ways. Common vehicles include periodic communications, general conduct guidelines for members and specific policies related to information security.

Is there consistency in the messages transmitted to different levels of the organization? Does everyone buy in to the level of importance? In practice, does the behavior of the organization differ in substantial ways from the overall goals of the enterprise? The answers to these questions can help IT leaders identify material disconnects.

To cite an example from our daily life, I’m sure most people understand the need to drive cautiously and at appropriate speeds. Everyone knows the posted speed policy, and yet many drivers exceed the limit. A comparable example in the enterprise IT world would be a policy requiring the encryption of all confidential data at rest. Some employees might ignore this standard due to the increased complexity and other performance factors that might result from full compliance with the policy.

Contract Negotiations

Another area that could present substantial gaps is formal contract negotiations between parties. A great deal of effort is put into establishing a contract that protects the interests of both parties, and there are often specific requirements related to the protection of information and services.

However, it is not always straightforward to accurately translate all the applicable contract provisions into actionable policies and procedures for a particular IT deployment. Also, there may be several layers in the organization between those who negotiate the contract and those who interact directly with the data and services. Do the people in charge of implementation and operation understand all the relevant IT security provisions of the contract? In practice, does the environment provide the necessary protections?

Policy and Tools

How about an example from an area that is near and dear to many IT practitioners: the availability of tools that effectively and efficiently support policy rules? Creating good information security policies is certainly hard work, but it is often easier to get the new policy down on paper than it is to acquire, develop, deploy and migrate to tools that can operationally support new policies. This disconnect can lead to additional cost, complexity and inconsistencies in security posture within the organization.

The example above is related primarily to privacy, security and compliance tools, but what about the solutions we utilize each day to get things done, both in our professional and personal worlds? Are there situations in your organization that present gaps in a consistent security posture? Do certain solutions involve stringent controls while alternate, approved solutions have lax controls? Perhaps your organization has specific policies regarding the protection of confidential data in enterprise-provided tools, but the bring-your-own-device (BYOD) option and related services present opportunities to overlook or bypass controls.

Information Blindness

Ironically, the continuous stream of digital information itself can create a dissociative effect. Digital feeds such as social media, email, enterprise messaging and collaborative communities inundate individuals to the point where they become info-blind. People are unable to recognize the important slivers of information within the digital landscape before them.

How many helpful informational messages are sent in your organization each day, week and month? Are personnel now in the habit of simply filing these away or deleting them before absorbing what may be an important security item? In the same way that startups and DevOps talk about the minimum viable product (MVP), as described in “The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses,” by Eric Ries, perhaps we need something akin to a minimum viable digital insight for security.

For individual consumers of information, you may want to check out “The Information Diet: A Case for Conscious Consumption,” by Clay Johnson, for thoughts on managing the digital flood.

Mind the Gaps in Your Digital Transformation

I’m looking forward to a time when more IT security professionals can make use of newly available solutions that deliver greater levels of awareness, deep insights and subject matter expert (SME) augmentation, which can dramatically increase an organization’s security posture.

Solutions such as IBM Watson Security for Cyber Security and the new IBM Machine Learning offering depend on extensive data feeds from the digital world. They may even be able to identify certain gaps in privacy, security and compliance, but there will always be a set of disconnects that we need to identify through a variety of other means. As we keep moving forward with our digital, always-on evolution, we should always remember to mind the gaps.
