Q&A: How to balance data access and security

For CIOs, implementing technology to support new business models often means  deploying systems to target content at different devices, while at the same time enabling secure and compliant tracking of consumer behaviour. This is particularly true for technology leaders in the media business.

In this Q&A, Craig Ruurds — a senior IT leader with more than 20 years of experience supporting film, television, and other media companies — talks to CIO about data security, cloud, and helping businesses leverage technology to provide a competitive edge. Ruurds is currently chief technology and information officer at KwikTec, a provider of streaming video management and distribution platforms.

How crucial is data in times of global crisis and how can data be harnessed effectively to help organizations formulate and execute responsive data strategies?

Craig Ruurds

The COVID-19 pandemic has certainly drawn attention to the critical nature of data. We saw a significant shift from the importance of data security to data availability. It isn’t that security is suddenly not important. The need to protect our data will not change anytime soon. However, with the inherent disruption of a global crisis, companies were suddenly scrambling to access their data efficiently. As we are certainly aware, there is a massive migration to cloud and hybrid cloud solutions. However, many organizations protect their data by limiting access to it from outside the confines of their physical locations. That is certainly one way to restrict access. However, it is a way that can cause serious issues when your entire workforce is suddenly forced to operate remotely. I think this crisis may be an opportunity for a fresh evaluation of how we will handle data during any future global disruptions. Loss of access to data brings operations to a standstill. The question will be, how can we maintain the highest level of security while ensuring data is always available no matter what the crisis.

Is your organization encrypting cloud data? How can companies get the most out of their data?

 Yes. We encrypt everything in the cloud and recommend the same to everyone. As a company that helps other people engage technology, it is easy to forget to get the most out of our own. At KwikTec, we use our data to improve marketing, track social media, find new customers, increase customer retention, improve customer service, better manage our procedures, and predict sales trends.

However, the more data you have, the more possibilities present themselves and the more likely it can be to become overwhelmed. Companies can hit their own point of decision paralysis when they consider the possibilities of what data can tell them. We just need to remember that we are still human organizations. The core values of the business should always guide the decision-making process with data offering us key insights we might otherwise miss.

How are you approaching cybersecurity at an enterprise level? What do you see as the biggest cyber threat facing organizations in Africa?

We need to be aware of the threats and take basic steps like limiting employee access to data and information to avoid creating unnecessary risks. Preventing access to business computers by unauthorized personnel, backing everything up and doing it regularly and automatically is also important. 

Every organization should establish basic security practices that protect sensitive business data. But merely writing it down isn’t enough. We need to communicate them to employees, and we need to reinforce them regularly. With the critical nature of data now, there need to be clear rules of behaviour that cover how we protect business and customer information and there need to be clear penalties spelt out and enforced for violating policies.

On a deeper level, we make security an essential part of the development pipeline, so we are thinking about it from the onset of any project. Vulnerabilities can’t wait. Teams need to address them as they are detected. We embrace “API-driven security.” By removing the human element, we establish a continuous integration methodology, which provides a consistency of delivery.

How do you measure and communicate the ROI of IT investments and what metrics do you personally value most with regards to measuring the success of an innovation strategy?

That can be a tricky question. For those of us pushing the boundaries of information technology, ROI metrics get complicated. There are so many variables that can impact the outcome, and we are still discovering many of them as we go. So, first, we have to figure out what financial benefits we have to gain. From there, I will focus on five areas: cost avoidance, cost reductions, capital reduction, capital avoidance, and revenue enhancements, such as up-sells. From there, it is about the standard equation where ROI = (Gains – Cost)/Cost.

Since we work in agile methodologies, we also need to consider factors like project velocity. With agile projects following a different life cycle compared to waterfall, requirements are redefined as the project progresses.

Making things even more complicated is the fact that concrete ROI numbers will reflect only measurable gains. Difficulties come up with a lack of numbers for the non-quantifiables like the soft benefits of better customer support, improved customer satisfaction, enhanced usability, forecasting and analysis, and others. But it is still essential to recognize and evaluate these non-quantifiables, especially when communicating costs to the folks paying the bills.

What’s your advice to IT leaders trying to implement advanced technologies in developing and emerging markets particularly in Africa?

In simplest terms, don’t stop learning. It is crucial to pay attention to your knowledge and assumptions, especially as you undertake work in an emerging market. It is too easy to believe that development is geographically neutral. After all, technology should, in theory, work the same no matter where it is running. That may be true on a purely technical level, but nothing really works on a strictly technical level. Software and systems need to be developed in the context of where they are being developed, who will be operating them, and who the final consumer will be. So, we need to keep learning about the advances and best practices in our area of technology, in development, and in the culture within which we are working. It doesn’t matter what country or continent you are working in, you must make an effort to learn as much as you can about context.