Security Budget Judo

ORG CHARTS DETERMINE RISK

A lot has been written about companies struggling to invest enough in CyberSecurity, given today’s epidemic of data breaches, ransomware, identity theft and other damaging online attacks. However, the discussion needs to be had at the next level of granularity. All budgets across the enterprise are allocated along organizational business unit lines, often divided down through the hierarchy. IT budgets are no different. Conway’s Law basically declares products are a function of their producers’ org charts. That’s a very appropriate strategic framework to apply against escalating security challenges.

VMworld 2019: From Shared Responsibility to Full Accountability

GOVERNANCE

As we enter the 2nd decade of cloud adoption, IT’s primary role has shifted from full stack implementation and delivery of technology solutions to governance of the same solutions delivered by SaaS and Cloud providers. Those providers are responsible for the technology layers, whereas IT assumes responsibility for the security and compliance of data in the cloud. That’s the business view of Shared Responsibility in the cloud.

Can you still Trust your Single Source of Truth?

The torrid pace of Digital Transformation is stretching Enterprise Resource Planning (ERP) financial systems in uncharted directions. Business opportunities to address modern customer requirements also carry new Security, Governance and Compliance risks. The distribution of operational data across many SaaS, PaaS & IaaS Clouds, recently merged/acquired companies, suppliers, distributors, channel partners and end customer Systems of Record is a new existential threat. Finance teams and other business leaders running their departments with this fragmented operational data have realized the Single Source of Truth concept born in the Client/Server era is now breaking at the seams.

Facebook Libra - opportunity you didn't read about at launch

(Prologue - I am a public Facebook skeptic due to their numerous privacy and security shortcomings. See my #DataResponsibility blog. However, I am encouraged by the steps Facebook’s Calibra Team outlined in the design of their first token offering.)


The highly anticipated announcement (not launch) of "Facebook's Blockchain" focused on the many sides of its payment features. Serving the under-banked, removing payment friction for those with credit, tackling global crypto governance, and domestic & international regulatory tangents will all dominate Libra discussion for the foreseeable future. But those topics merely hint at its potential for both good & evil. This key paper of the Libra announcement indicates where the hidden majority of opportunity & risk actually lies.

Data Responsibility: An Open Letter To The Tech Industry

2017 will be remembered as the End of our Data Innocence.

We saw next-level data breaches (Equifax, Yahoo!, SEC, Uber, etc.), the #FakeNews epidemic, political weaponization of Social Media, and the recurring threats (both hyperbolic and very real) on the hazards of unchecked AI.

Data-related events are escalating in public visibility and impact, and pose one of the greatest threats to the advancement of the tech industry that we’ve ever seen. And while it’s easy to sit back and blame criminals, rogue nations or other bad actors, the time for being passive is behind us.

DATA RESPONSIBILITY MUST BECOME A PRIORITY FOR OUR INDUSTRY.