Security and innovation: a very tough balancing act for IT departments

Innovative initiatives can succeed only if they are secure. Here is how CIOs maintain a balance between risk-taking and risk aversion.
At first glance, deploying network security and pursuing innovation seem to be mutually exclusive. A stronger security strategy aims to reduce risk, while innovation requires an open mind toward risk.

However, companies are looking for ways to launch innovative new digital business plans while taking measures to protect data and other IT assets. As a result, even as they strengthen system security and data protection requirements and comply with relevant laws and regulations, they are still opening up new ways to generate revenue, improve the customer experience, and expand into new markets.

After all, this is the secret to success in today's business environment: drive change initiatives and adopt innovative technologies such as cloud, mobile, artificial intelligence, data analytics, and networking, while ensuring that systems and valuable data are protected.

For this reason, today's businesses need to find a balance: staying at the forefront of the competition, trying new technologies, and moving validated proofs of concept into production, while avoiding riskier approaches so that these initiatives remain secure.

In some cases, this may involve increasing the security budget and resources for all systems; in other cases, it may mean setting aside budget and resources for pure innovation. In either case, the goal is innovation, but in a secure and reasonable way.

Here are some examples of how companies balance innovation and security, either for specific projects or as a routine practice.

Deploy new online services while ensuring data security

Higher education institutions need to focus on compliance with the Family Educational Rights and Privacy Act (FERPA), a law that aims to protect the privacy of student data.

"Although compliance has long been a priority, with traditional local student information systems the data was generally stored in those systems and files, and few people worried that the outside world would get that information," said Bill Balint, chief information officer at Indiana University of Pennsylvania (IUP).

Balint said: "But with network-based secure access to some of these systems, and the potential risk of major security breaches and data leakage, complying with the Family Educational Rights and Privacy Act has become a top priority."

Balint said that as higher education has transformed into a more commercial operation, the problem has escalated. He said: "To achieve their enrollment and student academic goals, educational institutions have been turning more and more to rapidly implemented, cloud-based services in areas such as customer relationship management and data analytics."

Indiana University of Pennsylvania uses these technologies through cloud-based subscription services, which also allow the university to provide some innovative services, such as helping create better, customized grants and personalized academic analysis, thus helping to attract and retain outstanding students.

Balint said: "But in order to do this, vendors will usually require that a lot of sensitive student academic and/or financial information be loaded into a cloud application managed by the vendor. And these operations mean that educational institutions lose control of security. Instead, educational institutions often have to 'accept the supplier's contract' that ensures the security of sensitive data in transit and in storage."

To ensure that sensitive data does not leak, the first step Indiana University of Pennsylvania takes is to consider the security and privacy risks of the cloud service, and to share only the data that is core to a tool's function.

Balint said: "For example, if a supplier focuses on students' academic excellence, then sharing performance information with it is very important. But sharing Social Security numbers makes no sense, and they should not be shared."

In addition, Indiana University of Pennsylvania requires all cloud providers it works with to sign formal contracts and service level agreements (SLAs) that include industry-standard data privacy and security provisions.

Balint said: "Few higher education institutions have the in-house expertise to provide the functions these suppliers offer, yet these service providers are increasingly important to the survival of many educational institutions. The education industry must continue to develop its own best practices to protect sensitive and confidential data."

Increase the security of new mobile applications

In late 2019, Colorado announced the launch of the Colorado Digital ID in the myColorado mobile application to change how residents interact with the state government. The vision is for the myColorado application to give state residents an innovative, secure, and convenient mobile solution that connects them with their digital identity and with government services.

"Our goal is to connect state residents with a variety of services through one central mobile platform, making it easier for them to do business with the state government, such as updating a driver's license," said Deborah Blyth, Colorado's chief information security officer. "This eliminates the need to go to state offices, saving residents time and transportation costs, and ultimately helping to achieve customer satisfaction."

Since its public launch last October, more than 30,000 residents have downloaded the myColorado application.

Blyth said the state government realized that gaining and maintaining the public's trust is crucial to ensuring that any product or service offered to residents is widely used, and that an excellent way to achieve this is to make security a key part of application development.

Personal information in the myColorado application is protected by multifactor authentication and data encryption to ensure privacy and security. In addition, the myColorado application authenticates users at multiple levels, with federated confirmation of the user's identity, Blyth said.

"Ever since the myColorado application was just an idea, security architects have played an integral role on the application design team," Blyth said. "From the time the project began, it was necessary to verify the identity of the mobile user so that the user could be matched with the information held in state systems."

Other considerations include ensuring that users are properly authenticated before they are allowed to access information, preventing unauthorized access, and evaluating and selecting a payment service provider to process payments securely.

The development team ran tests to ensure that the mobile application and back-end servers contain no vulnerabilities that could be exploited to leak sensitive data. Blyth said other precautions were also taken during development to prevent developers from accessing sensitive data.

Blyth said a key factor in the successful deployment of the myColorado application was that security features were part of designing and building the application: all security requirements were agreed on and then integrated into the application through an iterative process.

She said: "Making the security architect an active and equal participant in the innovation team ensures that important security standards are established from the outset of the project, and not simply treated as an option at the end of the development cycle."

Using an experimental approach to IT innovation

OC Tanner, which provides employee recognition and reward services to its customers, is using artificial intelligence, 3D printing, DevOps, and other new technologies and methods in a number of projects. In the process, the company follows a set of practices to ensure data and system security and privacy protection without stifling innovation.

The most important point is that new IT initiatives are treated as careful scientific experiments. OC Tanner tests technologies on a small scale using its existing processes and tools, and this work is kept isolated from external entities.

"If one of our experiments creates a vulnerability, then our existing processes should find that vulnerability," said Niel Nickolaisen, senior vice president and chief information officer. "But if that is not the case, then the vulnerability does not put the rest of us at risk."

Sometimes a vulnerability leads the company to cancel the experiment or to find ways to remedy or work around the problem. "In some cases, when we are experimenting with a new technology, we find some problems and then work with the (start-up) provider to solve them," Nickolaisen said.

Nickolaisen said that an experiment goes through a number of validation points, and that these points vary with the experiment and the type of technology, but "because we scale the experiment to production standards, the requirements become more stringent." "Before publishing anything in our production environment, it must meet our standards. These standards include security (and) privacy."

In one case, OC Tanner believed it had enough data to give customers some insight into the causes of employee turnover. To prove it, the company needed to learn how to use this data to build cloud-based artificial intelligence/machine learning algorithms while keeping customers' employee data secure.

Nickolaisen said: "We started by anonymizing a small part of our customer data, and then conducted a preliminary proof of concept in the cloud. The results are encouraging, and we think the work will continue to advance, but at some point we will need to use real rather than anonymized data."

As OC Tanner expanded the scale of the experiment, it also evaluated the security and privacy of the artificial intelligence and machine learning processes and services available in the cloud. "At the same time, we work with our customers so that they can also participate in our assessment of cloud providers' security/privacy practices," Nickolaisen said. "We need them to be as satisfied as we are with the selections made."

Another example involves the DevOps processes and tools the company uses. To ensure that its DevOps processes comply with security standards while still deploying rapidly, OC Tanner wanted to create automated processes that let the creators of new services and features deploy only pre-approved changes on their own.

Nickolaisen said: "This required a function or tool that we did not have." OC Tanner found such a tool, but it came from a start-up, so there was a certain risk. He said: "We carried out an experiment with its tool to assess its functionality. After the experiment succeeded, we began to apply our own production standards, and then found that its product had some security and certification flaws."

OC Tanner then worked with the start-up to resolve these issues before the tool was put into production.

Prioritize the customer experience and data protection

Worldwide Assurance for Employees of Public Agencies (WAEPA) is a group term life insurance provider whose goal is to surpass the competition and exceed expectations in serving federal employees and retirees.

"With the development of digital tools and services, WAEPA recognized the need to transform and upgrade the user experience at every platform and point of contact," said chief information officer Brandon Jones.

Jones said a strong digital presence is the basis of this vision. To enhance its online presence, the organization first conducted a usability study: it analyzed the current state of the customer digital experience, conducted usability testing and user interviews, and then consolidated the data to find trends, patterns, and commonalities in the information collected.

This research and analysis gave WAEPA a set of findings and recommendations that made it possible to improve the usability of its services.

WAEPA then launched a customer journey analysis to determine the stages that customers and prospects go through in a transaction, what they expect at each step, what problems they encounter at each step, and how they feel at each step.

Jones said: "This work lets us understand the steps members take in using our products and services and what else they interact with along the way, where we need to improve, and which steps should be merged or split. By systematically mapping out the steps our members go through, we can use the map as a diagnostic tool."

The first thing WAEPA did with the results of the usability study and customer journey map was to create a new website and member portal. The goals of the new site are to better introduce the products and the application process to users; improve the consistency and ease of use of the entire site; provide self-service tools and information so users can make informed decisions; and "humanize" the customer experience and help guide users online, making it more secure.

Throughout this work, protecting customer data was a primary consideration, and security was built into the new website and supporting infrastructure. The security strategy includes tools such as redundant firewalls, a virtual private network (VPN), anti-spam and anti-phishing protection, and identity and access management.

By taking these and other measures, WAEPA can create a better customer experience for its customers while providing a high degree of security.

Origin blog.csdn.net/weixin_46302190/article/details/104394210