Information security practitioners, risk professionals and executives might be blinded by the potential risks of implementing big data and thereby miss out on the value it can provide an organization. ISACA recently released a paper on Big Data which weighs the two sides and makes a clear decision which is the bigger risk.
(Full disclosure: I reviewed and provided feedback on a draft and I am quoted in the press release).
Which is the Greater Risk?
What I like the most is the title: “It May Be Riskier to Ignore Big Data Than Implement It.” It captures my belief that the value that can be obtained by the intelligent and creative use of analytics against the massive data sets available to every organization far outweighs both the cost of the effort and any associated risk.
Most organizations recognize that there is value, although in practice that value is usually limited by their ability to define the critical business questions that can be answered by the use of the wonderful new tools available today against big data.
They are also limited by their belief that they are constrained by inadequacies in their corporate systems.
My view is that almost any organization, no matter what size or type it is, not only can but should be taking advantage of the immense possibilities. Not to do so indicates that they lack both imagination and resolve.
Internal auditors, information security practitioners, risk professionals and executives should be blinded to the great values and possibilities by the risks of moving forward.
Here are a few excerpts from the paper:
New analytics tools and methods are expanding the possibilities for how enterprises can derive value from existing data within their organizations and from freely available external information sources, such as software as a service (SaaS), social media and commercial data sources. While traditional business intelligence has generally targeted 'structured data' that can be easily parsed and analyzed, advances in analytics methods now allow examination of more varied data types.”
"Information security, audit and governance professionals should take a holistic approach and understand the business case of Big Data analytics and the potential technical risk when evaluating the use and deployment of Big Data analytics in their organizations.”
"For information security, audit and governance professionals, lack of clarity about the business case may stifle organizational success and lead to role and responsibility confusion.”
"By looking at how these analytics techniques are transforming enterprises in real-world scenarios, the value becomes apparent as enterprises start to realize dramatic gains in the efficiency, efficacy and performance of mission-critical business processes.”
Understanding this business case can help security, audit and governance practitioners in two ways: It helps them to understand the motivation and rationale driving their business partners who want to apply Big Data analytics techniques within their enterprises, and it helps balance the risk equation so that technical risk and business risk are addressed. Specifically, while some new areas of technical risk may arise as a result of more voluminous and concentrated data, the business consequences of not adopting Big Data analytics may outweigh the technology risk.”
My former colleagues at SAP chimed in with an emphasis on the increased value when more sophisticated tools, especially predictive analytics, are used to mine and produce information from big data.
The SAP paper on this topic, “Predicting the Future of Predictive Analytics” makes the point well. Here are some thoughts from James Fisher, an SAP executive, that focus on the risk of using analytics and big data without making sure that the information you are using to run the business is reliable:
The opportunity of Big Data is huge, and the biggest analytical opportunity I see within that is the use of predictive analytics. The data shows companies favor taking advantage of the opportunities in front of then rather than minimizing risk. Technology is playing a role here and making predictive capabilities even easier to use, embedding them in business processes, automating model creation .... The added question however to ask (and this is really my view) is that this does introduce an inherent risk that people don’t know what they are looking at and blinding follow what the data says …. When you read a weather forecast you immediately sanity check what it says by looking out the window, is everyone doing the same with data?”
You can read more from James on his blog.
My question to you is this: Are you so risk averse when it comes to the use of analytics and big data that you are a barrier to the success of the organization?