-By Ashwin Krishnan, Senior Vice President of Product Management, Strategy, Technical Marketing at HyTrust
A tale of how non-technology companies are exposing themselves and us in this journey to cloud
At an executive event a couple of weeks ago, our hostess was the VP of Digital Transformation who was explaining the transformation of that enterprise – which was primarily a food packaging and delivery business until a few years ago. Today – they are an all-digital enterprise. In their food delivery business, they have sensors, data collectors, analytics software, food waste metrics, details of the customers’ buying patterns, regions with food safety violations etc. In short, they have become an all-digital and analytics IT shop. But, a big side effect of this transformation is that they now have a lot of information and are responsible for both the safekeeping and disclosure (that they hold this data). But their primary business focus has not changed – food packaging, delivery. So, in addition to that primary business, now they are expected to be IT savvy and worry about the plethora of digital assets and its safekeeping!
But even if they have the resources, money and time to do so, it is easier said than done. Why so? Because just like this enterprise’s primary business mandate is to package food, deliver it in time to its customers, similarly the primary business that a restaurant chain or a hair salon has not changed even as they go all digital. And with the tools available today – sensors, analytics, social engagement, customized engagements … - the transformation to digital is not all that hard. So, the step towards digital can be accomplished and now they have an endless stream of ‘data’ and ‘actionable analytics’ that they can fuel towards recruiting more fans, presenters and accomplish the primary business goal. But, in this transformation, given IT was never their primary focus, they often fail to realize how the accumulation of digital assets and intrusive profiling they are doing now means they are subject to – both from a moral and ethical standpoint as well as a regulatory and risk management standpoint – a stringent security and compliance framework that they never had to deal with in the past.
And this is the crux of the problem. What’s more, without the need to invest in complex hardware and software aka by going all cloud, their insulation from ever having to see or manage the server racks and storage arrays means the problem is out of sight and conveniently ignored. Until – an #Equifax – happens. And suddenly they realize – along with the regulatory watch dogs, irate customers and unhappy investors – that this sand pit was being dug all along!
So, what does a business do then – go back to the abacus? Absolutely Not. The value that data collection, analytics and customization brings is enormous. There is no going back. But, every business needs to realize three things:
- Their customers need to be made aware of the data that is being collected – full disclosure.
- Investing in house (not outsourced) security expertise to constantly drive awareness of what sort of data is being collected, why and how to protect the same
- Continuous awareness of the regulatory environment (different than #2) and ensuring adherence to the same. Case in point is the much publicized GDPR (General Data Protection Regulation) which brings interesting mandates and power to the end customer like ‘the right to be forgotten’ loosely translating to exhuming all digital footprints when a customer chooses to exercise that option.
Butchering a famous proverb to drive the point home – ‘With great digital transformation, comes great responsibility’. Enterprises – big and small – need to take that seriously.