Monday, 30 April 2012

Business case for investing in Application/Data security in the pharmaceutical 'Big Data' world

Let's say that company XYZ works in the pharmaceutical field and provides the service of analysing large data sets and creating reports with actionable information.

The data analysed (think 'Big Data') is already confidential (for example, consumer usage of a particular trial or released product) and the report created is even more sensitive (since it might provide a massive competitive advantage).

Today I don't believe most companies that deal in this space have very mature Application/Data Security programs and are able to protect this confidential data across the multiple places it is used (from its storage to the applications and entities that consume/expose it).

And if there are, please point me to real examples and published information.

Usually the reasons for lax security come down to: a low number of attacks, weak regulation, weak customer pressure, a lack of 'security metrics', and no competitive advantage in being secure.

So how do we change this?

If you were going to meet an executive of one of these companies tomorrow, how would you present a valid business case for investing in Application/Data security?

Of course we can use FUD, but our industry is so good at it that these execs have probably already spent a bunch of money on FUD-driven products.

My view is that the first step actually starts on the executive side. Basically, they (the company) must first decide that they want to make Application/Data security one of their competitive advantages and something they want to sell to their customers. Only then will any initiative be sustainable.

Of course, if a company (or one of its direct competitors) is the victim of a successful attack, then it will want to invest a bit.

Question: are there good examples of companies that went bust, lost a lot of business or faced big fines due to the compromise of medical/pharmaceutical data they were handling or analysing?