5 keys to innovating without sacrificing privacy, security or compliance
In the wake of the Facebook data compromise debacle, every company that wants to innovate needs to challenge the false premise that seems to have contributed significantly to Facebook’s problem.
In 2014, Mark Zuckerberg abandoned the company’s “Move fast and break things” motto in favor of the awkward “Move fast with stable infrastructure.” In May of 2017, he claimed the company was replacing that with the more paltry plea to “Move fast and please don’t break anything.”
The subtleties aside, all three mottos assume “moving fast” – that is, experimenting and innovating as rapidly as possible – equals recklessness. It also presupposes that developers operate in isolation from other areas of the business and are essentially free to try anything they want.
In an era of increasing regulatory complexity, including around data privacy, no business that wants to survive can tolerate recklessness. But that does not mean abandoning rapid innovation. Companies have been innovating without being reckless forever – and just because Facebook benefited from its irresponsibility for a while, no company should risk its existence by equating the two.
How do you create an environment to support rapid innovation while protecting the company from its own excesses? Consider the following five keys to moving fast without breaking things.
1. Eliminate Silos: Strategic and Technical
The first and most important key is to get and keep everyone in the organization on the same page. There can’t be strategic or data silos.
Strategic silos – Marketing wants to collect customer data for business analysis, but compliance wants to stay ahead of evolving privacy regulations. Groups within an organization rightly or wrongly believe they must compete with other departments for approval or resources and even operate in secrecy.
These strategic silos and others can also arise simply because busy executives and managers don’t recognize the benefits of better coordination. However, at a time when digital transformation and customer experience initiatives demand automated business processes across multiple groups within organizations, getting all information stakeholders to work together toward the same goals is essential to both moving fast and minimizing risk.
Data silos – A sales manager keeps forecasting and customer information in a CRM tool, whereas the marketing department uses a homegrown application to track email marketing data and store it in a separate database. The proliferation of spreadsheets needed to bridge the information gap between two or more systems leads to decisions based on inconsistent or erroneous information.
The reasons these data silo issues and others arise include: incompatible systems deployed by groups focused only on their business unit requirements, new systems deployed to take advantage of emergent technologies that older systems don’t support, or investment in proprietary technologies that aren’t compatible with evolving standards. Whatever the cause, eliminating data silos must be a top priority because they create strategic blind spots, potentially leading groups to work at cross purposes – and introducing risk – because of data only they see.
2. Maintain Data Quality
“Garbage in, garbage out” impacts every information stakeholder, especially decision makers who expect to gain unprecedented levels of insight from the massive amounts of data IT collects. For example, how can a product manager run analytics on customer requirements if customer feedback is entered into the system in an inconsistent manner, and the system includes old and irrelevant data?
IT executives must have the systems and processes in place to ensure data quality and data lineage. If the data in various systems cannot be trusted to be accurate and fit for the purpose for which it was collected, any analysis based on that data will be suspect. Only by properly managing the data lifecycle, from its trusted original source through storage, normalization, access by users, use by other applications, and finally tiering and archiving, can true insight be gleaned – ensuring everyone from decision makers to app developers are able to move fast in the right direction.
3. Privacy by Design
While Facebook and other popular app developers innovated with little regard for ensuring privacy, other innovative companies like Apple have been baking data privacy into product lifecycles for decades. Privacy by Design is a set of application design and development best practices that help organizations build privacy protections into their applications from the first line of code. These best practices (such as proactively anticipating privacy issues, having maximum privacy as a default setting, ensuring visibility and transparency for users, and more) should not be seen as restricting innovation – unless abusing data is not seen as a negative. Instead they are liberating and empowering, providing developers with confidence that the fruits of their imagination and hard work will be welcome additions to the organization’s overall strategic efforts.
While Privacy by Design should be a foundational philosophy for an organization, Security Development and Operations (SecDevOps), the latest outgrowth of DevOps, is now a critical operational strategy to ensure security in applications.
The goal of DevOps processes is to automate workflows between development (Dev) and operations (Ops) to accelerate the application build, test, and release lifecycle, enabling more frequent releases but with greater reliability. A shorter release cycle, however, can introduce more security risks. SecDevOps adds additional processes and best practices related to embedding application security into the coding process and the DevOps workflow. Once implemented, SecDevOps is another way that developers can experiment and implement innovations in a way that won’t break things.
5. Unified Governance
Unified Governance is an all-encompassing, foundational approach to automating data governance, compliance, management and security processes. As laid out in the CGOC’s Information Governance Process Maturity Model, an organization-wide, top-to-bottom approach to maturing and automating information-related processes drives down operational costs, reduces legal and regulatory risks, and helps organizations optimize the value they derive from their growing data stores.
Developing a Unified Governance program can free developers, strategists and decision makers to think and explore out-of-the-box without putting the organization at unnecessary risk of violating laws and regulations that are not only the concern of lawyers and regulators, but also increasingly vital to customers.
It is important to keep in mind that these keys to moving fast without breaking things are not either/or states. Companies will need to evolve their capabilities in all five areas. Still, focusing on them and respecting the goals and processes of each creates a foundation for a new motto, “Move fast. We’ve got your back.”