Companies of all types and sizes share infinite amounts of information with business partners. This data is constantly updated and flows back and forth. "This is a two-way chain," says Mears. "That means you are replicating data. We used to say 'defend the perimeter.' Many companies don't even have a perimeter anymore."
Data and information are assets, but executives don't know what they have, where it all is and who is (and isn't) protecting it. "It is very difficult to secure data when you don't know exactly what it is and who you're sharing it with and no one is on the hook for those decisions," says Mears. This reality necessitates a risk-based approach to data protection. "You cannot protect all data anymore. Not all data assets are worth the same amount. You have to be sure there is a return on that data asset, just as you would with any other asset. You should provide security commensurate with the value of the information asset," she says.
Deloitte is advising its clients to develop a more focused response to information security. In a highly integrated global environment, companies understand that their core intellectual property is at risk, but they cannot afford to protect the daily flotsam that is part of business as usual. "Data protection is now a C-suite and a board-level issue. Executives are beginning to think about how to maximize the return on their data assets," says Mears.
No. 5 Game-Changing Force: Regulatory Burdens
Since Sept. 11, 2001, and the passage of the Sarbanes-Oxley Act in 2002, regulatory activity has been high in virtually every industry. This is certainly true in the food/beverage/agribusiness industry, due to the obvious importance of maintaining a food supply that's safe from contamination, whether malicious or innocent. H.R. 2749, the Food Safety Enhancement Act of 2009, just passed. And Walmart made news in 2008 when it required all of its food suppliers to comply with the stringent GFSI (Global Food Safety Initiative) standard. According to Rick Shanks, this standard above all mandates traceability within the food supply chain.
"Many food processors are not prepared to deal with the level of traceability required by the regulation," says Shanks, national managing director of Aon Risk Services, the risk advisory division of Aon Corp. Traceability requires a high level of supply chain visibility, which has not always been available. That makes it more difficult to mitigate a food contamination incident such as salmonella in peanut butter or listeria on deli slicers. "When you have a food event, you have to be able to trace it back to its source," says Shanks. Aon recently announced a service offering that helps food processors and producers achieve the necessary visibility.
Sign up for Computerworld eNewsletters.