Focus on Signals, Not the Noise

The data explosion shows no signs of slowing. According to Winter Corp.'s 2005 TopTen Program, Yahoo! has more than 100 terabytes of data (actual; not storage space allocated, which is a misleading measure) in its Oracle-based data warehouse (DW). This marks the first time that Richard Winter's survey of the largest, most heavily used databases has reported a system with more than 100 terabytes. AT&T runs a close second, with almost 94 terabytes managed by its internally developed "Daytona" system. The telecommunications industry generally has the biggest databases, says Winter, with volumes rising in financial services and insurance.

Securing such crown jewels — including unstructured content and document sources, business processes, and strategic applications that generate and use the data — is the top 2006 IT budget priority for Intelligent Enterprise readers, according to our Strategic Management Survey. To be sure, this month's cover package identifies other objectives that vie for attention: but security, fraud detection, privacy, identity management and the surrounding issues of regulatory compliance dominate readers' agendas. Pick up any newspaper today and you needn't ask why.

Alas, we do have to ask why most organizations still don't address these challenges strategically, which would help them apply the full force of their IT innovation and intelligence. "Compliance is proving to be more of a distraction than a catalyst," notes Edwin Bennett, global director of Ernst & Young's Technology and Security Risk Practices, in the company's recent Global Information Security Survey report. Bennett's view is that organizations are missing "the opportunity to promote information security as a strategic imperative to their businesses."

Mobile and distributed computing immediately come to mind as big tests for information security pros; however, regulations are what draw the interest of CEOs, CFOs and heads of corporate functions and lines of business. Basel II, Sarbanes-Oxley, HIPAA and recent legislation such as the Personal Data Privacy and Security Act force organizations to take more visible responsibility for their entire ecosystems of partners, outsourcing contractors, suppliers and customers. If they don't, "the value created by these arrangements can quickly diminish or disappear due to perceived or real security, privacy or identity breaches," Bennett warns.

Will the New Year bring a tipping point, marking a new resolve to address security, fraud, privacy, identity management and compliance in a holistic and strategic fashion? Large firms in telecommunications, health care and other industries have been applying data mining for years to combat fraud; packaged solutions and services vendors are now bringing this specialized knowledge into the midmarket. As we explored in November, more companies are using risk analytics for a blend of regulatory and strategic purposes. The clamor for auditing and activity monitoring tools that can detect security and regulatory violations will lead organizations to reconsider how they deploy operational data stores and other time-sensitive repositories, as Michael Jennings discusses ("Not Your Father's ODS").

With data pouring in on top of already bulging sources, the key challenge will be to enable decision makers and automated systems to sense the signals amid the noise: that is, pick up key information from the background that protects the business from harm. Automated compliance may be a common goal, reflecting a desire to shift focus to more strategic matters. But with the stakes rising, companies that fall short of gaining the ability to understand why something happened and how to adjust for the future do so at their peril.

David Stodder is the editorial director and editor in chief of Intelligent Enterprise. Write to him at [email protected].