Cross-Platform Technology Journalism By Seasoned Writer

Adrian Bridgwater

Subscribe to Adrian Bridgwater: eMailAlertsEmail Alerts
Get Adrian Bridgwater: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Enterprise Architecture, Security Journal, SOA & WOA Magazine


Enterprise Security and Gaining Insightful Insight into “Insight”

It seems insight means more than one thing in information technology these days

Security specialists are fond of using expressions like "robust protection" and "multi-layered defenses" when it comes to setting out their stall and telling us exactly how they are able to protect our data and applications. Looking closer at enterprise security, we see that lower down the buzzword pecking order for some reason is the word "insight" in its various forms.

It seems insight means more than one thing in information technology these days, but perhaps it's no coincidence that every meaning or interpretation of the term essentially falls somewhere under the umbrella of enterprise security.

  • Insight means "application visibility" -- and the need for a clear picture of enterprise software form, function and therefore stability.
  • Insight means "staff and stakeholder" control - and the ability to stipulate policy throughout the enterprise on access controls and privileges.
  • Insight means "customer insight" - into the way companies and individuals (and often partners) will interface with a firm's delivery channels (electronic and traditional) as they consume goods and services.
  • Today, insight also means "cloud knowledge" - and the ability to detail exactly where our data is housed in a multi-tenant cloud.

We could continue this stream of thought and start talking about insight into mobile device usage patterns, insight into security risks arising from users and their unmanaged actions and insight into the malicious intentions that drive hackers, spammers and phishing scammers as they try to perpetrate our organizations' protective structures.

At the risk of turning this discussion into an analysis of the English language, the noun insight is typically defined as something like: the action uncovering the true nature of a thing, perhaps through intuitive understanding with "penetrating mental vision or discernment"; leading us to a point at which we can see inner character and/or underlying truth.

What this breaks down to is a realization that enterprise security insight may be something that we already know, but that we have (for some reason or other) failed to understand. For example, a firm's greatest risk to its security often comes from within, i.e., its own employee base. Not that employees need to be harboring malicious intent per se, they may just be uninformed and not able to realize how dangerous it could be to plug an infected smartphone into an office desktop machine.

In the Dark
If they didn't have insight, the company didn't have insight into their actions and neither party (initially at least) has insight into the ramifications resulting from these actions until they are fully played out in what may be a damaging series of consequences.

Unfortunately there is no formula or handy algorithmic function for deducing "insight" as a hard and fast business variable. This is where security intelligence and risk assessment come to the fore. With the ability to assess our data risk at any given time, we can then start to plan for a) appropriate actions in the face of a security breach b) the re-location of our most sensitive data and applications to more accurately defined and controlled environments where risk is lower and c) greater business agility from that knowledge-empowered point forward.

Insight Is Everything
Only by maximizing insight are we able to able to truly gain value from operational security measures. Without insight, security is just a brick wall, i.e., we don't know how much it is keeping safe and we don't know how much it is keeping out.

If you have been reading this and you agree with some of the principles discussed, yet you think that we have already over-used the word insight in our general discussion of information technology on the web; then try ‘comprehension' or ‘discernment' or ‘perception' - they all come to the same thing.

Now then, tell us, was that insightful?

• • •

This post was first published on the Enterprise CIO Forum

More Stories By Adrian Bridgwater

Adrian Bridgwater is a freelance journalist and corporate content creation specialist focusing on cross platform software application development as well as all related aspects software engineering, project management and technology as a whole.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.