Striving for better customer service, market intelligence and business efficiencies, Fortune 500 companies—especially in the fields of financial services, insurance, health care and retail—are investing in Big Data infrastructures to support more advanced analytics. These firms are looking to understand customer behavior better, flag security risks and ensure they are complying with an ever-changing regulatory landscape. The power of these infrastructures is that they allow analysts to analyze more data than ever before. For Big Data to power new insights, it is critical that firms move their core customer and transaction histories into these new environments in addition to any new data sources that may be brought in. In a large enterprise, this often means taking data once stored and processed on the highly secure mainframe and moving it off-platform. This, paired with many high-profile breaches of consumer data, has driven heightened security and compliance regulations, such as the Dodd-Frank Act, around how personal data is stored, analyzed and used by large enterprises.
As innovation brings faster tools to analyze and utilize data, executives will continue to have an interest in using it to better understand and serve customers. They should move forward with those projects, but must also take additional steps to fit them into a regulatory framework. There are many steps, both policy- and technology-driven, that executives can take to initiate these projects while balancing compliance and security.
First, firms must set policies that protect customer privacy; the rules an organization will abide by to ensure customers' personally identifiable information (PII) is stored securely and not being misused. The second step is to put in place mechanisms that prevent rule-breaking; rules that govern data access and prevent possible hacking. Finally, there must also be a record of access; a system or repository to query when a violation has occurred and analyze who accessed which data and when.
Steps to Balancing Compliance and Security
1. Set policies that protect customer privacy: These are the rules your organization will abide by to ensure customers' personally identifiable information (PII) is stored securely and not being misused.
2. Put in place mechanisms that prevent rule-breaking: These are rules that govern data access and prevent possible hacking.
3. Maintain a record of access: This is a system or repository to query when a violation has occurred and analyze who accessed which data and when.
Over the past ten years, corporations have experienced over 75 data breaches compromising over one million records. As more and more sensitive data is stored on and off businesses' mainframes, it becomes increasingly important to have a record of access, not just externally, but also internally. As a federal contractor, Edward Snowden showed he could easily access and download classified NSA records by manipulating his levels of clearance and security. The same could happen within any organization with highly confidential data.
The mainframe plays a pivotal role in providing this record of access. Not only is most of the data required for advanced analytics projects being captured—and therefore accessed—on the mainframe, but mainframes also provide an incredibly detailed logging system with SMF (Service Management Facility) logs, an automated system of collecting and recording data access patterns.
SMF logs were not always seen to be the useful tool they are today. In fact, just a few years ago, many people didn't think mainframe log data had any use at all. But with new regulations driven by growing adoption of technology allowing on- and off-mainframe data analytics projects, they're a critical tool for both security and compliance, and for the event that a company ever faces an investigation or audit.
We have found companies that don't even have these logging systems turned on, but with more attention around doing what's right for the customer and with tools like Splunk Enterprise creating solutions oriented around compliance requirements and systems of record, the use of mainframe log data for monitoring security will grow. And there's a big opportunity for firms in industries such as healthcare, financial services and telecommunications to provide better service and maintain security through these systems and processes.
While concern over data security and compliance will keep any mindful executive up at night, it is also possible to use this problem to drive cooperation and collaboration within an organization. Asking compliance and IT departments to put sensible policies in place that give innovation and security equal space allows IT to support compliance and vice versa. But recognize that each has unique expertise and perspective; a compliance officer may not be tech savvy and an IT department may not be aware of new regulations. Shrewd executives can use the challenge posed by data security to inspire collaboration and communication.
Innovation begets opportunity. And the giant steps forward in data technology have brought tremendous potential to those holding large caches of personal data. Enterprises that utilize new technology while also successfully securing data and managing to new compliance responsibilities will have a specific competitive edge within their industry.
While riding a wave of innovation that relies on accessing customer data and complying with new rules and regulations may seem like two pursuits that are inextricably at odds with one another, there are ways to smooth the process. Implementing common sense rules around data access, inspiring stronger communication among departments and utilizing tools within mainframe computers are just a few examples of steps one can take. There will always be a delicate balance between regulation and innovation, especially around moving sensitive data, but it is possible to push Big Data projects forward without compromising security.