See things clearly

Data Refineries: a new perspective on cybersecurity

In yesterday’s post, “How is cybersecurity linked to economic security?”, I wrote that, to some degree, most organisations today can be considered as “data refineries.”


A couple of people have asked me to expand on that point.


Since the industrial revolution architects, engineers and scientists have spent decades creating standards and practices so that flows of water, steam, electricity, oil, components and petrol could be used safely.


How a business worked was clearly understood. [more]


Today, the reason so many IT projects fail, or are vulnerable to outages, or are compromised in a cyberattack, is that there is a lack of comparable clarity about how data flows through and between organisations, except in process sectors like Nuclear or Oil & Gas.


Oil refineries are hugely complex yet they rarely suffer failures – why?


Because the industry understands and can easily communicate the complexity of the business.


In Oil & Gas, digital sensors are attached to every asset, and digital flows (representing product flows) are clearly understood and constantly monitored.  The flow of oil and gas products is analogous to the flow of data.


Strict governance standards mean the industry has a deep, granular understanding of how every component and asset, from the smallest valve to the largest pump, is put together to enable the flow of product, with the minimum risk.


Oil & Gas uses simple pictures created from computer models to understand how individual assets interact to enable the flow – things like pipes, valves, pumps, meters and sensors.  Engineers and business managers can see clearly how the business works and can communicate together easily, which means better decisions can be made: business performance can be optimised and business risk minimised.


In today’s other business sectors, the equivalents of the pipes, valves, pumps, meters and sensors of the Oil & Gas industry are the people, hubs, cables, routers, servers, and desktop computers through which data flows. The role of these assets, including the people, is to enable the data to flow to where it is needed. Improvement in the performance of the business [then] depends on how the data is used by people applying their knowledge and skills.


But for various business and technical reasons, IT has never had the equivalent of the Oil & Gas industry’s simple picture.  It hasn’t been able to clearly show the connections and dependencies between the assets that enable the flow of data through the organisation.


Which means, by comparison, it’s not as easy to understand and communicate exactly how the business works.  So making the right decisions remains difficult, the business is still not optimised properly, and vulnerabilities and failures are more likely. Across extended networks the risks are multiplied. (Feel free to add your own multiplier!)


Consequently, cybersecurity will remain an ever increasing challenge across every aspect of our professional and personal lives until there is a shared understanding of the interconnectivity of the organisations we work in and work with.


Understanding the interdependencies of people, processes and technology and how data flows through them and between them is at the heart of the solution.


At OBASHI we recognised this some time ago as being a common sense approach. If you agree, it might make sense to explore OBASHI - after all what do you have to lose?


Views: 242

Add a Comment

You need to be a member of OBASHI Think to add comments!

Join OBASHI Think

© 2018   Created by Fergus Cloughley.   Powered by

Badges  |  Report an Issue  |  Terms of Service