The Space Between the 1s and 0s – Redux

Categories: Governance, Risk & Compliance

A few months ago, I wrote a short blog  using the “space between the 1s and 0s” as a metaphor to discuss dimensions of data that are beyond just the digits sitting on the disk drive.  These dimensions included how the data was created, who created it and why it was created along with the security implications of those dimensions.  Data created by a business process that includes personal information is much different than the invitation to the company monthly birthday party.  Yet those 1s and 0s, many times, sit side by side on our laptops, servers and storage area networks.   Recently, EMC announced the 2012 findings from IDC’s 6th EMC-sponsored Digital Universe Study. This study has some amazing and interesting results – some directly related to this “space between the 1s and 0s”.

Just like our physical universe, the digital universe continues to expand. The vast amount of data being created around the world, based on the study, will grow to an almost unimaginable size over the next few years. Thus, the idea of this ‘space between the 1s and 0s’ seems less of a metaphor and more of a reality as our digital universe gets bigger and bigger. The security findings alone are very telling. The study found that the percentage of data in the digital universe that requires protection is growing faster than the digital universe itself, from less than a third in 2010 to more than 40% in 2020. This growth is coupled with the fact that only half the information that needs protection has protection. One of the other findings in the report highlighted the need for (and current lack of) data analytics to transform these 1s and 0s into true information – with actions, conclusions or intelligence derived from the massive set of bytes.

The report made me think about the GRC side of this digital universe.  GRC processes within companies generate a fairly large universe of data.  The management of large data sets, and deriving value from that data, is a critical part of effectively maturing risk and compliance programs.  This falls directly in line with the strategies driving the RSA Archer product development.   Big data, analytics, reporting and workflow are just a few of the focus areas for the RSA Archer platform.   Building more cohesive, connected solutions is the emphasis driving our module strategies.   A core tenet of the product’s focus is to break down silos in organizations to leverage information and workflows across business processes.   Utilizing a business impact analysis as a product from the business continuity program to help prioritize security incidents is just one example of the value a GRC platform like RSA Archer can provide.   This is exactly the type of analytics and value that the study calls for – turning parts of the digital universe into actionable, useful information.

The study goes into much more detail and has some fascinating research.  I would highly suggest a read of the paper.  The report highlights the challenges and opportunities we as technology professionals face in the years to come.  For our own little part of the digital universe – that little galaxy of GRC related 1s and 0s – we need to understand how we can map out the stars, align the planets and bring order to an otherwise chaotic mix of celestial bodies.

Author: Steve Schlarman

Steve Schlarman is a GRC Strategist for RSA, The Security Division of EMC. With deep compliance, security, audit and IT management expertise, Mr. Schlarman is responsible for product design and architecture for RSA Archer GRC Solutions focusing on IT and Security. Prior to joining Archer, Mr. Schlarman was the Chief Compliance Strategist for Brabeion Software where he led overall product strategy, product management and content management. Before Brabeion, he was a Director in PricewaterhouseCoopers' Advisory Practice, focusing exclusively on information security consulting and auditing. Mr. Schlarman received a Bachelor of Science degree in Mathematical Sciences from Southern Illinois University-Edwardsville. He holds both CISSP and CISM certifications.