Will the increasing ethical complexities of data protection make it harder for IT to operate at the speed of the business?

When it comes to ethics and how we protect data at the code level, it's a totally different mindset now. I can't move at the speed of the business. Looking at access to the systems solely from the human perspective is just wrong. Last year, our whole cyber defense testing model was all about defending data in the middle of a contaminated container. This year, we're going to continue that concept and add a compromised virtual private network (VPC) layer, plus issues with our API connections from a poorly configured solution.  Ethically, if I'm responsible for being able to track the integrity, availability and confidentiality of the data, I now have to look at it from both the human factor perspective and systems factor perspective. There are very few solutions that understand tracking ethical usage of data from the system identity out to the human being, it's always from a human being in.

Anonymous Author
When it comes to ethics and how we protect data at the code level, it's a totally different mindset now. I can't move at the speed of the business. Looking at access to the systems solely from the human perspective is just wrong. Last year, our whole cyber defense testing model was all about defending data in the middle of a contaminated container. This year, we're going to continue that concept and add a compromised virtual private network (VPC) layer, plus issues with our API connections from a poorly configured solution.  Ethically, if I'm responsible for being able to track the integrity, availability and confidentiality of the data, I now have to look at it from both the human factor perspective and systems factor perspective. There are very few solutions that understand tracking ethical usage of data from the system identity out to the human being, it's always from a human being in.
1 upvotes
Anonymous Author
At the speed of business, we all tend to look for those shortcuts, and we all know security is always the last to know when something is going into production tomorrow. That’s when they’re asked to take a look and see if it's secure. The ethics of coding is a fascinating concept, because as IT leaders we don't do a lot of coding. And there are vulnerability tools that can scan for just certain vulnerabilities. There's a standard that you can put against code but, ultimately, if you're in a hurry to get the product out the door, you're going to do as much as you can to do that with as little friction as possible. It's as simple as that. And if automation is a solution, to the extent you can apply the automation and it satisfactorily checks most of the boxes, that's what you're going to do regardless of the ethics.
0 upvotes