- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
CIO - In some shape or form, data protection is top of mind for most CIOs these days. It's no surprise that many CIOs list bring-your-own-device (BYOD)/mobile and cloud computing among the top things that keep them awake at night. Mobile and cloud erase the traditional security perimeter behind which organizations have hoarded their data in the past.
To attack this issue from both sides-to improve the efficient use of data within the organization while also improving data protection-one information security and privacy expert says organizations need to take a cue from the government sector, particularly the U.S. Department of Defense (DoD).
"The cyber risk is an asymmetric threat," says Andrew Serwin, CEO and executive director of The Lares Institute, a think tank focused on technology, privacy and information governance. He is also the founding chair of the Privacy, Security, and Information Management Practice and a partner of Foley & Lardner LLP and advisor to the Naval Post Graduate School's Center for Asymmetric Warfare advisory team. "What that really means is there are organized actors who try to use information against us and create an information imbalance. They find the weak link and attack."
These days that weak link may not even be within your organization. For instance, maybe one of your suppliers doesn't follow the same security protocols you do. An attacker could penetrate that supplier's defenses and from there move up the chain into your network.
Information Superiority Allows You to Optimize Risk
"This is not a technology problem," Serwin says. "It's an information problem. What I have been advocating to deal with that is a doctrine that started at DoD, which is Information Superiority. At DoD, they want to have command and control of the information domain. In the private sector, that means you want to make superior use of information within the company to reduce cyber risk, increase profit, reduce costs and protect against brand damage."
According to the DoD, Information Superiority is "a relative state achieved when a competitive advantage is derived from the ability to exploit an 'Information Advantage'," and as "the ability to develop and use information while denying an adversary the same capability."
For instance, Serwin says, the U.S. Navy has taken a leading role in rethinking how the U.S. military leverages data in its operations. He notes that the Chief of Naval Operations has elevated information to the Navy's "Main Battery," its primary weapons systems. A key element of that elevation was the removal of sub-optimal information stovepipes in favor of "Warfighting Wholeness" together with an increased concern with cybersecurity issues.
"In order to achieve Information Superiority, to paraphrase the DoD, the private sector must engage in technical and behavioral modification in how information is collected and processed in order to add value," Serwin says. "The first step private companies should take is to create a governance structure, or committee, that includes key senior stakeholders from departments such as IT, privacy, human resources, audit, legal, treasure, security and others with the goal of increasing the horizontal sharing of information and making information the "Main Battery of Business."