Sunday, May 29, 2016

Data Analytics in Information Security

The paper, “Ten IT-enabled business trends for the decade ahead”, discusses information technology trends and how they might unfold and influence corporate strategy over the next 10 years. In reading this paper, I ran across one section regarding the ever-increasing importance of big data and advanced analytics that I thought was especially relevant given that a successful strategy involves having up-to-date and accurate information. I remember that famous quote by W. Edwards Deming: “In God we trust; all others bring data”. Just as data is important to crafting an effective and flexible strategy, so too is the quality of data used to make informed decisions.

In my field, Information Security, we are bombarded on a daily basis with multitudes of information, so much that reviewing it all would be impossible. So, instead, we build rules so that certain specific patterns of data trigger alerts. This is a very reactive way to function. Many vendors of security-related tools have realized this and have started to utilize forms of artificial intelligence and machine learning to establish baselines at a very detailed level. For example, the algorithm might look at a person’s normal range of login times, the duration of time and types of websites they visit, the types of data exchanges they perform daily, etc. Once this baseline is established, it’s then possible to identify abnormal activity that can then be reviewed. This trend, security analytics, has been increasing at an extraordinary pace in recent years, and many larger organizations now voluntarily share information amongst themselves as a way to gain greater insights into both past and future cybersecurity-related events. This additional information, from other organizations, allows my team to develop an information security strategy based not only on trends we have been seeing at our organization, but on trends at other organizations as well. This ability to correlate events that we see internally with those seen at other organizations allows us to be much more accurate than would be possible on our own.
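As an added illustration of the login-time baseline described above (not code from any vendor or from the paper), the sketch below builds a per-user baseline and flags logins far outside it. The event tuples, thresholds and function names are assumptions made for the example; it uses circular statistics so that a night-shift user whose logins straddle midnight is not given a baseline of noon.

```python
import math
from collections import defaultdict

# Constructed sample data: (user, login hour on a 24h clock).
SAMPLE_EVENTS = [
    ("alice", 8.5), ("alice", 9.0), ("alice", 9.25),
    ("alice", 8.75), ("alice", 9.5), ("alice", 9.0),
    ("bob", 23.0), ("bob", 23.5), ("bob", 0.25),   # night shift,
    ("bob", 0.5), ("bob", 23.75), ("bob", 0.0),    # wraps midnight
]
TWO_PI = 2 * math.pi

def circular_baseline(hours):
    """Return (mean_hour, spread_hours) treating hours as points on a circle."""
    angles = [h / 24 * TWO_PI for h in hours]
    s = sum(math.sin(a) for a in angles) / len(angles)
    c = sum(math.cos(a) for a in angles) / len(angles)
    mean = (math.atan2(s, c) % TWO_PI) * 24 / TWO_PI
    r = min(math.hypot(s, c), 1.0)  # resultant length; 1.0 = identical hours
    # Circular standard deviation in hours; 12h if logins are uniformly spread.
    spread = math.sqrt(-2 * math.log(r)) * 24 / TWO_PI if r > 0 else 12.0
    return mean, spread

def hour_distance(a, b):
    """Shortest distance between two clock times, in hours (0..12)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baselines(events, min_events=5):
    """Baseline only users with enough history to be meaningful."""
    per_user = defaultdict(list)
    for user, hour in events:
        per_user[user].append(hour)
    return {u: circular_baseline(h) for u, h in per_user.items()
            if len(h) >= min_events}

def is_anomalous(baselines, user, hour, k=3.0, floor=1.0):
    """True/False against the baseline; None when the user has no baseline."""
    if user not in baselines:
        return None
    mean, spread = baselines[user]
    # The floor keeps very regular users from alerting on a few minutes' drift.
    return hour_distance(hour, mean) > k * max(spread, floor)

if __name__ == "__main__":
    b = build_baselines(SAMPLE_EVENTS)
    for user, hour in [("alice", 9.5), ("alice", 3.0), ("bob", 0.75), ("bob", 12.0)]:
        print(user, hour, is_anomalous(b, user, hour))
```

A flagged login is a candidate for review rather than a verdict; in practice this signal would be combined with the other baselined behaviors the paragraph lists.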

The implementation of data analytics has the potential to provide an unprecedented level of insight for most organizations, and the quality of analytics will directly influence the quality of decisions made. It also makes it possible, due to the frequency and amount of data generated, to more quickly determine whether or not a specific strategy is having the desired results. The speed at which data analytics now occurs allows organizations to adjust course in near real time, which was not the case even 10 years ago.

I am in complete agreement with the article that “Decisions about where corporate capabilities should reside, how external data will be merged with proprietary information, and how to instill a culture of data-driven experimentation are becoming major leadership issues”.
