So, what ways do you see your enterprise’s IT security plans evolving as the business begins introducing semantic web technologies to support data integration among applications and web sites; to help with social media analytics initiatives; to back-end massive data analysis services in the cloud; and to affect other new-age Web services within or connected to your enterprise infrastructure?
It won’t come as much of a surprise if the question of securing against risks that potentially arise with these – or any other – emerging technologies is greeted mainly by shoulder shrugs and shy headshakes. Ernst & Young’s 13th annual Global Information Security
Survey shows that less than a third of global businesses have an IT risk management program capable of addressing the risks related to the use of new technologies.
While the newly released survey was focused on technologies across the board, it does single out that the business adoption of new technologies – cloud computing, social networking and Web 2.0 among them, all of which can intersect in some way with semantic web technologies – are shown to increase risk for 60% of respondents. Just one in ten companies, however, considers examining new and emerging IT trends, whatever they may be, as a very important activity for the information security function to perform.
“New technology always means new risk. It is vital that companies not only recognize this risk, but take action to avoid it,” said Ernst & Young Global IT Risk and Assurance Leader Paul van Kessel in a statement. That this hasn’t happened on a broad scale yet in a time when IT is advancing on so many fronts, not least among them using semantic web technologies to enable data interoperability, should be cause for caution.
It’s not surprising if internal security personnel haven’t been asked to weigh in on some of the semantic web-related pilot projects that may be cooking in an enterprise. It wouldn’t be the first time these individuals have been left out of new projects, although sooner or later it becomes clear that’s a mistake. At the recent Interop show, for example, FOCUS president and chief analyst Barb Goldworm brought up the Gartner statistic that says 60 percent of virtual servers are less secure than physical ones. Part of the reason, she notes, is that “security staff is not involved in virtual projects most of the time.”
It may be time for those helping to guide enterprises step into the breach and ensure that as new technologies – semantic, social, cloud, you name it – come on board, they are appropriately managed for security, as much as anything else. In fact, there’s an interesting effort underway at the University of Missouri that relates to the idea of more oversight of emerging technologies at large in the workspace. As part of its Mizzou Advantage program, it’s introduced an initiative to work on issues around understanding and managing disruptive and transformational technologies.
One of the initial proposed projects in the initiative was about the role the board of directors should take when it comes to disruptive and transformational technologies (you can’t argue that the semantic web isn’t one of those!), as part of their corporate governance responsibilities. “Most technology innovations are good in many respects, but they also have disruptive effects,” says Carsten Strathausen, the facilitator for the Disruptive Technology initiative and a faculty member in the College of Arts and Science at the University of Missouri. “How technology plays in the boardroom and in decision-making matters.”
No comments:
Post a Comment