Godfrey Kutumela, Head: Security Division, IndigoCube
Big data and data privacy are driving the development of a hot new career path. Make sure you don’t miss out on the opportunity to take your career to the next level.
Data is becoming the lynchpin of emerging business models as the digital economy morphs into what some are calling the app economy. Companies are relying on analysis of greater stores of data to spot opportunities and market trends, and to help them develop new apps that effectively take new products or services to new markets rapidly.
One of the hallmarks of this emerging app economy is the need to open up corporate systems to the third-party developers who develop many of these apps, and to customers and business partners.
The need to secure ever-increasing amounts of data while enabling the flexibility and openness demanded by the app economy is causing CIOs to rethink their security strategies. The Great Wall of China Must Fall, in other words—to be replaced by a more dynamic security strategy based on identifying critical data sets, controlling access using a risk-based identity model, and protecting critical databases (for more information, read 3 steps to data-first security strategy.
Databases that store critical data are, of course, the targets for cyber-criminals of all types. At the same time, much of this data falls under the protection of the various data-privacy regulations that are emerging, among them the Protection of Personal Information Act which will come into force in South Africa sometime soon, we think.
All of this means that custodianship of these high-risk databases has become more than just a question of making sure they are well structured and available. Expect to see a growing demand for individuals who combine the technical skills to manage databases effectively with a complementary set of skills relating to security (and thus risk mitigation).
So how should you go about positioning yourself for success in this new role?
• Understand the regulatory frameworks and standards governing the protection of data. In other words, understand the risk in order to prioritise where security budget is spent. It may be necessary to motivate your organisation to get you specialist legal training.
• Build relationships with IT security. Typical IT departments have the person who looks after the database as part of the application services team, which makes perfect sense given the fact that apps rely on the databases. Security is a different section, and the two usually only interact after a breach. Take the initiative in setting up a formal working relationship to prevent breaches by integrating security activities with database activities—and maybe include the risk manager as well.
• Take security training from the vendors. Going forward, it is vital to be able to configure the database to promote security. At present, this training is only obtainable from the vendors themselves. The exception is a system like SAP, to which the database is integral. In such cases, upskilling on secure application development via a provider like IndigoCube is highly advised.
Database security looks set to be the pivot of modern, multipronged strategies to secure IT systems from the inside out. Make sure you are ready.