IIIS: Data governance, risk and compliance

IDC vice-president of storage/Big Data urges IT managers to see GRC as an asset, not a law issue

Data governance, risk and compliance (GRC) should be viewed by IT managers as a business asset rather than something for the law firm to deal with, according to an IDC US senior analyst.

Speaking at the Implementing Information Infrastructure Symposium (IIIS) in Sydney this week, IDC US vice-president of storage and Big Data, Benjamin Woo, said that IT managers and CIOs need to understand the GRC — not because they want to be lawyers or paper pushers but because every day they are enabling an organisation to do its work.

Read more on the IIIS event

View pictures from IIIS

"GRC is not about keeping data, but how we enable the data that we keep, and the information that we generate, and how we use that in corporations," Woo said.

"How does the data that I keep impact my business? And that's not something that we always think about as IT people."

He cited IDC US statistics from 2009 that showed 800 exabytes of data was generated globally. However, this did not include stored data.

"In 10 years we are going to grow that data amount 44 times to 35 zettabytes by 2020 and almost 50 per cent of new data generated will be in the Cloud within 10 years, which means someone else is going to be touching your information along the way," Woo said.

"This is not about a scare tactic and frightening you into buying security products. The good thing is that only 30 per cent of the data generated is in corporations but there will still be 10 zettabytes to take care of and it will mean a huge impact on the world."

He also said delegates should think of GRC as not something that has to be "beaten into your organisation", but as a business process.

According to Woo, when IT staff think about GRC they think about cost mitigation and how to avoid being sued.

"If you understand how to take the risk out of your environment and how to follow the compliance rules, you can than use Big Data technologies to create situations in which you are proactively mining your data and discovering your data for profit and revenue opportunities," he said.

"That's the key point where organisations turn from understanding that they become record keepers to be taking the data and saying they have digital assets."

Woo drew attention to a website called Qurora which is a crowdsourced collection of questions and answers.

According to Woo, the principles of Qurora made up points which would help IT staff understand GRC

These were:

  • Quality of data.

  • Reliability.

  • Accessibility/availability of the data.

  • Deleting data.

  • Asset ownership in the Cloud.

Woo highlighted a major issue with data in the Cloud which IT managers needed to remember, that of data erasure.

"Many Cloud providers don't actually delete data when you ask them to. There are backup copies," he said.

The IIIS is co-hosted by Storage Networking Industry Association A/NZ and Computerworld Australia.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags Implementing Information Infrastructure Symposium (IIIS)storageIIIS 2011big data

More about IDC AustraliaStorage Networking Industry Association

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place