Redefining risk for big data

Machine-driven intelligence introduces risks that challenge traditional IT risk management. Here are three steps to take now.

Much of the data classified as big data will originate from machines and will come into data analysis engines through Internet of Things (IoT) sensors, according to a 2010 McKinsey & Company article. In addition, software automation will increase; robots in warehouses will run themselves; containers on docks will self-police their contents; and trams and automobiles will operate without drivers. The potential for converged automation and intelligence is enormous, and the market opportunity is daunting.

It's no surprise that major corporations like General Electric are building up capacity and capability for an "Industrial Internet" of sensors. GE invested one billion dollars into big data software and expertise to position itself for the deluge of digital data that will emanate from sensors and other digital devices embedded in machines such as GE's jet engines, turbines, trains, and hospital MRI equipment. In 2011, this was a $94 billion market for GE.

In 2013, Google launched its driverless cars, which offer many potential time-saving and convenience benefits, including the ability for senior citizens to use their cars longer because they won't have to operate them.

Companies with supply chains are using containers with sensors to monitor container temperatures for goods in shipment and to monitor container break-ins for potential terrorist or hijacking attempts. The state of these containers, no matter which dock around the world they sit in, is always visible on monitors at the corporation's HQ.

Logistics companies can monitor their in-field execution even better by placing sensors in trucks. The sensors track locations and report maintenance issues (e.g., the braking system needs repair soon) and driving habits (e.g., optimal fuel conservation speeds are not being maintained on the highway). These applications translate into more effective ways of doing business, and they ultimately deliver value to consumers.

But as this new machine-driven intelligence comes online, new risks are created that challenge the traditional thinking of IT risk management plans. Three major questions emerge:

  • What happens if the mechanized automation or sensors fail?
  • Is there a potential for greater security threats now that mechanized field operations flow over the Internet?
  • Are there new information privacy risks?

Answers to these questions are in the formative stages, but that doesn't mean IT shouldn't be thinking about them. Here are three key steps that your organization can start taking now.

1: Revisit your disaster recovery plan

Because disasters seldom happen, organizations don't generally treat their disaster recovery plans as ever-present, frontline tasks. However, if you're charged with bringing on big data that includes automation and industrial sensors, tuning up your disaster recovery plan should be part of the process. If a sensor or the automation fails, do you have manual and/or other system processes that can stand in? If not, what is the extent of your legal liability?

2: Check your edge security

How secure is your network at the edge, where the outside sensors operate and control? Do you have edge management policies and technologies in place to produce the level of security you need? If there is a security breach, what are your risk mitigation strategies?

3: Review your data privacy responsibilities

Industrial-level sensors can provide other people with additional entry points into homes and businesses, where a vast amount of information can be collected. Your organization may issue annual privacy statements to consumers on the safeguards and information sharing practices that are applied to their data, but consider whether it needs to do more for information that can be accessed via in-home sensors.


IT can choose to avoid these steps for now, or it can assume a proactive role in policy formation and in engaging others in the organization who have a stake in the process (e.g., business leaders, regulators, corporate counsel).
