Big data: over-hyped and under utilized

over-hype

(Image not owned by KID)

By Mervyn Mooi, director at Knowledge Integration Dynamics (KID)

 

The spectre of big data analytics is driving businesses everywhere to reevaluate their strategies and consider massive investments to monetise their data. But many are missing the point – big data is available to virtually everyone without significant investment, and is being under-utilised within the enterprise right now.

 

Too many enterprises hold the mistaken belief that to get value from big data, they must invest heavily in infrastructure and software solutions that will allow them to gather practically all the internal and external, structured and unstructured data that exists, store it in massive data reservoirs and then embark on lengthy data analytics processes to arrive at insights.

 

This belief holds them back from fully capitalising on the big data they already have access to. Budget constraints and perceived complexity are limiting their use of data beyond the walls of their own enterprises. This need not be the case.

Big data has been hyped to a point where it has become daunting to many, yet in reality it is just the next level of the BI, fact-finding and business logic that has existed for years.  Big data practice simply delivers quicker value to end-users through enablement factors such as the internet, the cloud and the availability of feature-rich tools.

images-13
(Image not owned by KID)

Big data at its most basic

 

Many of these tools are affordable and scalable to a single user anywhere on the planet. For example, a consumer with a concern about his health might use his smartphone to go online and research high cholesterol symptoms and treatment. He uses a search engine to distill the massive volumes of big data that exist on the subject, he assesses the information, and makes an informed decision to consult a doctor based on that information. This is big data analytics methodology and analytics tools in use in their simplest form.

 

On a larger scale, a car dealer might assess his sales figures and expand his insight by following social media opinions about the car models he sells, studying industry forecasts and trends, and reading columns about buyer priorities. By bringing additional, external inputs into his data, he positions himself to offer better deals or models more likely to sell.

In these cases, the value of the data analysis comes from distilling only the relevant data from multiple sources to support decision-making.

 

Big data as broader BI

 

In large enterprises, large amounts of data already exist – often in siloes within the BI, CRM, customer service centre and sales divisions. This data, supplemented with external data from quality research, social media sentiment analysis, surveys and other sources, becomes big data that can be harnessed to deliver more advanced insights for a competitive edge. Big data is not as big as it sounds, and organisations do not need to invest millions to start benefiting from it. They just need to start looking outside the organisation and bringing in information that is relevant to the business case they want to address.

For many, this will be the extent of their big data analytics needs, and it is achievable with the technologies, skills and data they already have access to.  Big data practice is accommodating of less skilled analysts and is not just pitched for experienced BI or data scientists. Nor should it be the task of IT.

 

In fact, big data practice should be the preserve of business managers, who are best placed to determine what questions should be asked, what external factors impact on business, what information will be relevant, and what steps should be taken once insights are obtained from data analysis. Business managers, who are the data stewards and subject matter experts, will require certain technology tools to analyse the data, but these BI tools are typically user friendly and little training is needed to master them.

 

Big data moves for big business

 

In major enterprises who see potential long term business value from a big data investment, a simple way to assess its value is to outsource big data analysis before taking the plunge. This will allow the enterprise to determine whether the investment will deliver on its promise.

 

Whether outsourced or implemented internally, enterprises must determine at the outset what their objectives for big data projects are, to ensure that they deliver on expectations. Big Data practice is agile and can be applied to any data to deliver any insight.  It is not enough for enterprises to vaguely seek to ‘monetise’ data.

 

This term, which is merely a new spin on ‘data franchising’, remains meaningless without clear business objectives for the big data analysis exercise. To be effective, data analytics must be applied in a strategic way to achieve specific business outcomes.

 

Five data protection approaches to take seriously in 2017

Information security remains a grudge purchase for many, but SA business needs to pay urgent attention to key lessons learnt from increasingly sophisticated breaches.

 

By Veemal Kalanjee, Managing Director at Infoflow – part of the KID group

 

In the past year, we have witnessed increasingly bold and sophisticated attacks on corporate and personal data around the world. The fact that there has been no common modus operandi in these attacks should be cause for concern among businesses everywhere, since this means attacks are unpredictable and harder to mitigate. We’ve seen significant IT organisations breached, and even security-savvy victims tricked into parting with passwords. Clearly, the standard security protocols are no longer enough and data security must be built into the very fabric of the business.

Five key lessons South African businesses need to take from data breach patterns of the past year are:

Security is a C-suite problem. IT professionals are well aware of the risks, but in many cases, the rest of the C-suite sees security as a grudge purchase. This is understandable, because the reality is that most C-level executives are focused on maximising their dwindling budgets to address business- critical initiatives, and protection against data breaches often takes a back seat.

But protection of personal information is becoming legislated and it is only a matter of time before C-suite members are held personally accountable for breaches. Business owns the data and is ultimately responsible for any breaches that occur, regardless of the measures that IT might put in place. The business itself stands to fail if a significant breach occurs.

cloud-caution

(Image not owned by KID)

Business, therefore, needs the visibility into where the vulnerabilities lie for data breaches within an organisation and need to actively participate in assisting IT to ensure that policies are implemented and adapted to address the ever changing security threats. The C-suite cannot afford to sit back and ‘see what happens’ – it needs to immediately determine the risk and weigh it up against the investment, time and effort they want to spend on mitigating that risk.

Cloud caution is warranted. For years, South African businesses were cautious about the security and sovereignty of their data in the cloud. A lack of clearly defined policies (or any policies for that matter) often dissuades organisations from moving to the cloud.

Now, many have moved to cloud, but typically through a hybrid or private model, with data security top of mind. This approach means organisations cannot fully optimise the scalability and other benefits of the public cloud, but it also means that their own data security policies can be applied to protecting their data at all times.

Data classification and DLP strategies are crucial. Classification of sensitive data is an extremely important step in implementing a data loss prevention strategy. This classification becomes the point of departure for understanding where sensitive data lies, how much of it is susceptible to breach and how the organisation is tracking it in terms of protecting its sensitive data assets. Organisations may well have their data centres locked down, but if sensitive data also resides in email, test and development environments or unprotected workflow systems, it remains at risk.

Advanced solutions must be harnessed to manage the data classification process and give C-level users a holistic view into where they stand in terms of protection of data.

Security doesn’t end at encryption. While encryption is an important step in securing data, it is not a foolproof solution for all threats. Encryption is a great mechanism to prevent data access in the case of the theft of physical hardware, but it is just as important to protect data assets from unauthorised access within the organisation.

Some of the biggest data breaches in the past have been due to employees having full access to all systems and leaking sensitive information without the physical theft of hardware. Data Masking is an important consideration to prevent this type of unauthorised access.

An example is production systems that are replicated to multiple test environments. Often the data on production has some level of protection, but as soon as it is “cloned” to the test system, this protection is dropped and unauthorised users are able to access all sensitive information.

Ongoing education remains key. Enforcement of security policies doesn’t only mean applying technology to monitor/track employees’ usage of company’s data assets, but also implies an inherent culture shift in the processes of the business. This is often the biggest stumbling block that needs to be overcome, and ongoing staff education is needed to help staff understand the importance of data security, identify the various risks and possible attack modes, and their roles in securing sensitive data. It is not enough to post notices and have policies in place – ongoing awareness programmes must teach staff about phishing, scamming and the mechanisms hackers use to gain access.

In South Africa, financial services appears to be the leader in terms of data security best practice, mainly due to legislation, international guidelines and the sensitivity of the data the sector works with. However, many other sectors hold highly sensitive data too.  All businesses need to learn from international breach trends and move to assess their data security risk and improve their security strategies.