2014 is now upon us: the ball has dropped, the fireworks are over, and now it is time to see what the year brings.
Nobody can know the future, but if there is one thing that is clear, it is that 2014 is shaping up to be a year of exciting developments and rapid change. Things like delivery via automated drone and wearable computing devices, once the domain of only the most speculative sci-fi writers, is now not only possible but seemingly on the brink of becoming “serious business.”
For professionals in the ISACA community, periods of disruptive technology change can sometimes seem daunting; there are a lot of hard questions to answer. How does one secure an automated drone? How does one govern a technology ecosystem that—literally—extends to what corporate citizens wear to work? And how do we ensure users’ privacy rights as we do so?
Answering these questions fully will take time, research, diligence and industry consensus. But as we face these questions, it is useful to consider a few things. First, being in a position to ask these hard questions in the first place is a good thing. Questions that “push the envelope” mean the business is evolving: these questions are a byproduct of the business taking advantage of new markets, exploring more efficient ways of operating, or opening up new pathways to deliver value to the customer.
As such, it is important that we frame risk discussions with the business accordingly. By this I mean that it is important that risk discussions include both technical risks of adoption and business risks of non-adoption.
Obviously, it is important that we address the new technology risks that can arise (since many of them can and will introduce new security and governance challenges that we ignore at our own peril). However, it is also imperative that we counterbalance those with due consideration of the business risks associated with the “status quo,” since businesses that do not adapt alongside their competitors will incur market risk.
The faster the pace of change, the riskier running in place becomes. In the words of Starbucks CEO Howard Schultz, “Any business today that embraces the status quo as an operating principle is…on a death march.”
Additionally, it is important to remember that business leaders asking questions like these of security professionals, risk managers, governance professionals, or other practitioners is a good sign. It indicates trust in the practitioners’ ability to understand the issue and confidence that guidance received will be useful and actionable.
That kind of relationship takes time to build and requires the foundation of a successful and fruitful partnership. If that history is not there, effort is required on the part of the practitioner to build it. (And the faster the pace of change, the more effort required.)
The point is, there will be plenty of tough questions to answer in the weeks and months ahead, and while that is challenging, it is also an optimistic sign for 2014.
Director, Emerging Business and Technology Trends– ISACA/ITGI