This is truly an exciting time for people in the information technology industry. We have more capability than we’ve ever had, and we are more connected than we’ve ever been. Key enabling technologies like cloud computing and mobility let us deliver engaging experiences like never before and, for the most part, stuff just works. And we’ve addressed a key issue that has severely limited the success of technologies past: we are getting very good at making things work together.
Using modern application architectures and APIs, we can deliver a more compelling, more engaging customer experience in far less time than was ever before possible—often with far less effort. Rather than create everything ourselves we can decrease delivery times by assembling applications from components that are on-premise, off-premise (e.g.: cloud-resident), or both. We can use cloud services to combine these components rapidly and adjust capacity dynamically. And we can take advantage of big data technologies to gain insights that were until now economically beyond the reach of all but the largest organizations.
IT teams can finally spend more time focusing on customer experience and business needs, and less time feeding the technology beast. It’s all fluffy unicorns and rainbows for IT and application delivery from now on, right? Not so fast! There is a massive and very frightening troll under the (network?) bridge. Nobody’s talking about it, and I believe it will claim more than one victim. Here’s why.
The challenge we have when we bring data together from disparate sources is that we may not know the insights it delivers—or, the story it tells. By combining data from one or more sources that were completely innocuous when apart and in their original forms, we may inadvertently and unknowingly create a situation where that aggregated data falls within the scope of a law or compliance regulation (e.g.: HIPAA). We may combine data from different sources, which, in their original form, could not be associated with a specific person, but when combined create a treasure trove of personally identifiable information (PII). If you are thinking, “Of course, that’s why we bring data together,” I agree. But the data may tell more than one story, and you may not be aware of them all.
So, if you are not aware that you have data that qualifies as PII or that is subject to regulations, you might not think to protect it appropriately. In fact, you might intentionally make it open. Think this is not a likely scenario? Any of a number of very simple, likely occurrences could result in a situation like this. For example:
- Personnel responsible for aggregating data may be unaware of stories the data tells separate from the one they intentionally assembled it for
- People supplying (or receiving) individual data sets may not be aware of its potential sensitivity when combined with other data
- People supplying data may be unaware that will be combined with data from other sources, or what those sources are
- The aggregated data may be reused, updated or combined with other data, delivering even more new insights
Those are just a few of the scenarios that create this risk. So, be diligent when you aggregate your data. This is certainly one case when too much service could be a bad thing.