April 23, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
All issues surrounding shadow IT can be traced back to an organization's lack of visibility. An unmanaged software stack gives IT teams zero insight into how sensitive company information is being used and distributed. Since these tools are not vetted properly and are left unmonitored, the data they store is not adequately protected by most organizations. This creates the perfect framework for hackers to easily seize important data, such as confidential financial records or personal details. Critical corporate data is at risk because most, if not all, SaaS tools require corporate credentials and access to an organization's internal network. A recent survey by Adaptive Shield and CSA actually shows that in the past year alone, 63% of CISOs have reported security incidents from this type of SaaS misuse. As stated prior, the recurring theme that many businesses are experiencing with shadow IT is the risk associated with a data breach. However, it is equally important to realize the potential industry scrutiny that businesses face and the penalties they receive from regulators because of sprawling shadow IT.
At the heart of the issue is the need for organizations to self-certify their compliance with the act. Since open source is often maintained by a small loose-knit group of contributors, it is difficult to see how this will work. Here’s the concern in a nutshell. Suppose you write up a cool little C++ program for your own use. You aren’t a company, and you didn’t do it for profit. Wanting to share your work, you post your program on GitHub with an open source license. ... In fact, it is even encouraged. That’s how open source works. The problem is when the GRID database has a problem that causes a data breach. The problem turns out to be a vulnerability in your code. Under the proposed law, it is possible you’d be left holding the bag for a large sum of money thanks to your generous hobby project that didn’t earn you a cent. The situation is even more complex if your code has multiple contributors. Was it your code that caused the breach or the other developer’s code? Who “owns” the project? Are all contributors liable??
Finding your niche also allows you to focus your energy and resources on a specific area, reducing the chances of you feeling overwhelmed trying to be everything to everyone. A niche provides a compass for your efforts, ensuring that the work you do aligns with your skills and interests. While being more specific can feel uncomfortable, it ultimately enables employers and clients to understand the specific value you offer. In the early days of my consultancy, I found myself saying yes to everything, including some speaking engagements that fell outside of my immediate area of expertise or taking on clients who demanded a lot of additional effort on my part to cover the entire scope of the services they sought that went beyond my offerings. Over time, I defined clearer boundaries around my scope of services. I also tried to more explicitly communicate which services I did not offer or consider within my area of expertise. When you niche down and clearly define your area of focus, it enables you to make clearer career choices, only pursuing opportunities that allow you to reinforce your positioning.
领英推荐
One of the things we have to figure out in the future of work is that a huge part of the population isn’t able to take advantage of this hybrid and remote opportunity. And what do we do for them? Do we end up getting to a place where people are picking jobs based on whether they can work remote or not? And are we going to have to compensate people differently for being on- or off site? That’s something that hasn’t been solved … There are a lot of companies that haven’t figured out how to keep the collaboration and the culture going in a remote workforce. So they just said, “Oh, we’ve got to get people back into the office do that.” I would say, “Or, you could figure out how to collaborate and keep your culture going with remote.” ... I’m a believer in carrot rather than stick incentives. Rather than compliance requirements, we need to focus on the fact that there’s so much value in ESG and in having a more diverse team. We need to focus more on the incentives and less on the “because we told you to” part.?
In terms of better understanding customers, generative AI is really effective in summarising information. Companies are already using the technology to create auto-summaries of market research reports, eliminating the need for having to precis reports manually. Going forward, there is potential to expand this use case to summarise large volumes of information quickly and efficiently in order to provide concise answers to key business questions. ... Generative AI can also make it easier for all stakeholders to access market research without having to involve an insights manager each time, thereby removing access barriers and facilitating the seamless integration of consumer insights into daily operations. Moreover, generative AI can help to address common concerns associated with all stakeholders accessing market research, such as non-research workers asking the wrong questions. By prompting relevant questions related to their search query, the technology can help those without research backgrounds to ask better questions, ultimately leading to more accurate and useful customer information.
While it may seem daunting, the journey to achieving zero-touch IT is not out of reach. It does require investment in time, technology and people, however. And once you get there the efficiencies will be apparent. Let’s break these benefits down by category. Zero-touch IT helps companies manage their software applications much more effectively. IT groups have historically gotten bogged down in the manual execution of tasks that are complicated and tedious, despite being basic and common. Two processes cited as top concerns for IT professionals, onboarding new employees and offboarding departing employees, are concrete examples. But managing the user life cycle of an employee doesn’t just start at onboarding and stop at offboarding. Many changes take place during an employee’s time at the organization—promotions, changes in departments, password resets, new project assignments, etc. And every single time an event like this occurs, some type of action, like giving or revoking access to new files, elevating access rights or taking security steps to prevent unauthorized access is required.?
Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer
1 年Thanks for posting.