
Exploring the science and magic of Identity and Access Management
Monday, July 23, 2018

Personal Data: To Share or Not To Share?

Privacy
Author: Mark Dixon
Monday, June 18, 2018
7:22 am

We talk a lot about restricting what personal data we share online, but is that sharing all bad? Tom Fishburne nails the issue with this week’s Marketoonist post.

We’re in a marketing catch-22. Consumers increasingly demand hyper-personalized experiences but are increasingly reluctant to hand over the data needed to make those experiences personalized.

Marketoonist 180618


Oracle’s new Internet Intelligence Map

Cloud Services, Technology
Author: Mark Dixon
Friday, June 15, 2018
10:38 am

This is pretty cool. Oracle is making a free tool available to the public that shows the impact of Internet problems throughout the world. According to a SiliconAngle article by Mike Wheatley:

Available for anyone to use, Oracle’s Internet Intelligence Map constantly tracks the state of the Internet in real-time, allowing people to see how events such as cyberattacks and natural disasters impact on connectivity in different parts of the world.

Internet Intelligence Map

 

Did you know, for example, that as I write this post, the two most impactful trouble spots in the world right now are in Congo and Comoros? Do you care?

This map starkly revealed my geographic ignorance.  I didn’t know that places like Eritrea, Wallis and Futuna and Lesotho even existed!  Yet there they are on this Internet Intelligence Map!  Enjoy!


Cisco 2018 Annual Cybersecurity Report

Identity
Author: Mark Dixon
Wednesday, June 13, 2018
3:24 pm

Cisco

Today’s light reading – the Cisco 2018 Security Capabilities Benchmark Study. This report, which “offers insights on security practices from more than 3600 respondents across 26 countries,” shows that “defenders have a lot of challenges to overcome.”

The report introduction states,

Adversaries and nation-state actors already have the expertise and tools necessary to take down critical infrastructure and systems and cripple entire regions. But when news surfaces about disruptive and destructive cyber attacks—such as those in Ukraine, for example, or elsewhere in the world—some security professionals might initially think, “Our company’s market/region/technology environment wasn’t a target, so, we’re probably not at risk.”

However, by dismissing what seem like distant campaigns, or allowing the chaos of daily skirmishes with attackers to consume their attention, defenders fail to recognize the speed and scale at which adversaries are amassing and refining their cyber weaponry.

I love that imagery: “chaos of daily skirmishes with attackers to consume their attention.” Sounds like cybersecurity Whac-a-Mole.

So what is a company to do?  The report offers hope:

… defenders will find that making strategic security improvements and adhering to common best practices can reduce exposure to emerging risks, slow attackers’ progress, and provide more visibility into the threat landscape.

The 68-page report provides extensive analysis of the problems confronting us and numerous recommendations to address the complex security issue. I like page 53, which states:

Faced with potential losses and adverse impact on systems, organizations need to move beyond relying solely on technology for defense.

Cisco research found that only 26% of security issues “can be addressed by technology alone”, while 74% “might also require people and/or policies to address.”

It is a complex world out there. We must think strategically, not just tactically killing each threat as it rears its head.


State by State Data Breach Map

Information Security, Privacy
Author: Mark Dixon
Wednesday, June 13, 2018
2:47 pm

What data breach regulations are in force in your state?

Check out the Snell & Wilmer interactive, state-by-state Data Breach Map.

SWdatabreach


GDPR Enforcement – What Will Happen Now?

Information Security, Privacy
Author: Mark Dixon
Tuesday, May 29, 2018
10:54 am

Gdpr1 1

Here we are, four days beyond May 25th – the date when enforcement of the Global Data Protection Regulation was to begin. So far, no planes have fallen from the sky (remember dire Y2K warnings?) and no specific enforcement actions by the EU have been announced. Privacy activist Max Schrems’ organization noyb.eu immediately filed $8.8 billion in lawsuits against Facebook and Google. But what of the EU regulators? What are their plans?

Only time will tell.  I get the feeling that what will happen with GDPR enforcement is kind of like the Super Bowl.  There has been incessant conversation and speculation leading up to May 25th, and now the game has begun.  It will be played out on the field over the next months and years.  Then we will really know what will happen.

A Dark Reading article, “GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?”, includes some interesting speculation and advice from privacy experts. I particularly like a comment in the article by Dave Lewis, global security advocate at Akamai Technologies:

There has been an inordinate amount of focus on the potential fines. The reality is that GDPR is very much a push towards ensuring the accountability of the data for which [companies] are stewards.

If that accountability really improves, we should cheer GDPR, not live in fear of its dire consequences.

My two cents …


From Visual Basic to VBCS

History, Technology
Author: Mark Dixon
Wednesday, May 9, 2018
10:24 am

Vb2pro

Yesterday’s blog post about a new version of Oracle’s Visual Builder Cloud Service reminded me of a little family story from days gone by.  Many years ago, when my oldest son was in seventh grade, he asked me, “What is Basic?” His school math book contained a few lines of Basic code at the end of each chapter.  With a bit of coaching, David soon had all those lines of code running on our IBM PC.

A few weeks later, before leaving on a business trip, I showed David how to use Microsoft Visual Basic. By the time I returned from my trip, he had given a GUI face to all those lines of code by wrapping them in a Visual Basic project.  And the rest is history … David got his first paid programming job at age 16 and is now CIO of Brock Supply, a leading wholesaler of aftermarket auto parts and supplies.  His LinkedIn profile highlights how far he had come from those first baby steps with VB: “Currently driving full ERP replacement (Microsoft Dynamics 365 for Operations), business intelligence, ESB integration, and security initiatives.”

VBCS

Of course Oracle’s VBCS is light years ahead of where Visual Basic was in 1993, but the principles are similar – a WYSIWYG developer interface with facilities for creating code behind the scenes. But now, the apps are created for mobile devices and cloud services, not just Windows PCs.

What will the next couple of decades bring?

 


GDPR Regulators Not Ready?

Privacy
Author: Mark Dixon
Wednesday, May 9, 2018
7:22 am

Gdpr3

I find it incredibly ironic that EU regulators may not be ready to enforce GDPR when scheduled on May 25th.

A Reuters Business News article, European regulators: We’re not ready for new privacy law, reported:

Many of the regulators who will police [GDPR] say they aren’t ready yet. …

Seventeen of 24 authorities who responded to a Reuters survey said they did not yet have the necessary funding, or would initially lack the powers, to fulfill their GDPR duties.

“We’ve realized that our resources were insufficient to cope with the new missions given by the GDPR,” Isabelle Falque-Pierrotin, president of France’s CNIL data privacy watchdog, said in an interview.

After working with customers about GDPR compliance preparation for over 18 months, it has been amazing to me how ill-prepared many companies are, but it was really surprising to learn that the EU may not be ready either!  It all goes to prove that it is much easier to talk about something than actually do it.

 


GDPR: A Cost vs. Benefit Analysis

Privacy
Author: Mark Dixon
Tuesday, April 24, 2018
8:34 pm

GDPRvalue

With the May 25th enforcement date for GDPR looming before us, it is easy to focus on the huge investment companies are making in efforts to comply.  

However, an Information Week article authored by Dimitri Sirota, CEO and Co-founder, BigID, offers a brighter picture:

The International Association of Privacy Professionals estimates that Fortune’s Global 500 companies will spend roughly $7.8 billion in order to ensure they are compliant with GDPR – no small sum. Yet, viewing GDPR through the lens of compliance cost alone doesn’t reflect the broader change afforded by the sweeping regulation. Yes, there will be substantial cost association with operationalizing specific obligations inside the organization, but the benefits can be argued to far outweigh the investment.

Sirota proposes tangible business benefits arising from work towards GDPR compliance (selected excerpts are shown):

Understanding the customer

First and foremost, compliance efforts help companies better understand their customer by better understanding their data. If customers are the lifeblood of a modern digital business, then knowing customers’ data takes on commercial “life or death” urgency.

Cyber insurance and civil action savings

Companies mandated to comply [with GDPR], and those showing proof of compliance with these stringent regulations will likely see a significant reduction in annual cyber insurance costs. …

A hard rule on public disclosure is understandably daunting, but the role GDPR will play in helping companies better understand what data they have, its risk and how to protect it, will prove greatly beneficial to avoiding a breach all together.

Minimizing response costs

Through increased data visibility required for compliance, funds spent on determining who exactly was affected by a breach will be all but eliminated.

In conclusion, Sirota takes the optimistic view:

GDPR aims to provide better consumer accountability through better data accounting. Ultimately, this helps build trust between a company and its customers. However, in a very real financial way it also has economic benefit. The investments required to comply with GDPR equip companies to better protect themselves and better extract value from its customers. GDPR at first blush looks like a cost for businesses to incur. But dig deeper and you find it opens up new protections and value.

I am a fan of looking for business benefits of security and compliance beyond reducing risk.  I think the most important benefit that Sirota proposes is understanding the customer because of better understanding of their data.  I really like how he puts it:

Data is the new oil, and knowing exactly what kind of oil, how much and where it is running through the engine not only provides a vehicle to safeguarding data, but also a way to unlock value within that data and improve performance, in a private and secure way.

Thanks for the insight, Dimitri!


5 stages of data privacy grief

Privacy
Author: Mark Dixon
Monday, April 23, 2018
7:37 am

Do you want some tasty ice cream?  I think Tom Fishburne nailed the essence of why people put up with social media intrusion into their personal space.

Dataprivacy


Data Stewardship – Make Data Work

Information Security
Author: Mark Dixon
Friday, April 20, 2018
2:00 pm

Datasteward

Stewardship: “the management or care of something, particularly the kind that works.” (Vocabulary.com)

I think my favorite new term in the business vernacular is “Data Stewardship.”  I like how vocabulary.com emphasizes that good stewardship leads to things that work.

Extending the concept of stewardship to management of data, a recent article in AnalyticsIndia states:

One of the simplest definitions of data steward comes from the problem statement posed by authors Tom Davenport and Jill Dyché in their 2013 research study, ‘Big Data in Big Companies’:

“Several companies mentioned the need for combining data scientist skills with traditional data management virtues. Solid knowledge of data architectures, metadata, data quality and correction processes, data stewardship and administration, master data management hubs, matching algorithms, and a host of other data-specific topics are important for firms pursuing big data as a long-term strategic differentiator.”

The article defines four major areas of responsibility for a data steward:

  1. Operational Oversight
  2. Data Quality
  3. Privacy, Security and Risk Management
  4. Policies and Procedures

The third area in this list strikes particularly close to home.  I like the fact that security and privacy are considered to be vital components of data stewardship.  I firmly believe they make data work (as vocabulary.com suggests).

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.