Despite big data being an increasing area of focus, just 22 per cent of Australian and New Zealand IT professionals surveyed in ISACA’s 2013 IT Risk/Reward Barometer are confident their enterprise has a policy regarding how it manages big data. Instead, almost two-thirds (61 per cent) of respondents said their company has no policy around big data – and a further 17 per cent of Australasian IT professionals were unsure.
Furthermore, just 5 per cent of IT professionals say their enterprise is very prepared to ensure effective governance and privacy of big data. The majority, 45 per cent, believe their organisation is “adequately prepared” and one-quarter (25 per cent) said they are “not prepared at all”. Yet, information is currency and enterprises must not only protect and manage it, but also use it to drive business value.
Conducted by ISACA, a global association of 110,000 IT security, assurance, governance and risk professionals, the IT Risk/Reward Barometer asked 2,013 IT professionals about the risks and rewards of key trends, including big data. Big data refers to the exponentially growing bytes of information that are created and collected in today’s digital world, often with datasets so large they require specialist software tools to capture, store, manage and analyse the data.
“While there has been an explosion in the data that organisations collect, the processes to manage, store and ensure the security of such information haven’t been as quick to keep up,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, director of information security and IT assurance at BRM Holdich and International Director of ISACA.
“Australian and New Zealand IT professionals need to ask the tough questions to make certain their enterprises are taking the necessary measures to ensure that governance issues and privacy related concerns are properly addressed, and their systems are as secure as possible.”
When asked what the biggest challenge their enterprise is facing with regards to big data, the most-cited reason from Australian and New Zealand respondents was a lack of analytics capabilities or skills (28 per cent). The management and storage of large volumes of data came second, highlighted by 22 per cent of respondents. Compliance requirements were noted by a further 14 per cent of IT professionals.
To help enterprises meet these challenges, ISACA has released a new guide based on the COBIT 5 business framework, which helps enterprises govern and manage their information—COBIT 5: Enabling Information.
“Companies in all industries and all geographies are struggling with massive volumes of data and increasingly complex compliance requirements,” said Steven De Haes, chair of the publication’s development team. “When governance structures and processes are in place, enterprises are much more equipped to handle these challenges.
“At many enterprises, information is spread across multiple isolated silos, repeated in redundant copies scattered throughout the company, and underutilised,” De Haes continued. “ISACA’s goal is to help companies simplify information governance so that they are not only able to handle the information pouring in from a vast number of channels, but also derive value from it.”
COBIT 5: Enabling Information also helps enterprises deal with three key aspects of big data: fraud detection, IT predictive analytics and marketing situational awareness. It aims to provide readers with three key benefits:
1. A comprehensive information model that includes all aspects of information, including stakeholders, goals and good practices. 2. Guidance on how to use COBIT 5 to address common information governance issues, such as Big Data and privacy concerns. 3. A deep understanding of why information needs to be governed and managed, along with clear guidance on how to accomplish that.
COBIT 5: Enabling Information can be purchased from www.isaca.org/enablinginformation. The COBIT 5 framework can be downloaded free of charge at www.isaca.org/cobit.