Oliven warns that it’s important for organizations to ensure data quality before trying to use that information to make predictions.
“As with anything, it’s garbage in, garbage out,” he says. “That’s always the potential pitfall. Having solid processes about your entire data flow is very important.”
Previously, Oliven says, Polygon Research worked with a different data platform provider, but it ran into limitations around complexity and scalability. One thing he appreciates about Qlik is the low- and no-code capabilities for predictive insights.
“The tools are getting more capable, and I think they’re becoming more oriented toward the citizen data scientist, if you will, putting more capabilities into the hands of folks to easily get started and get insights quickly. That’s a big trend we’re seeing right now.”
Zero-Trust Security Becomes Ubiquitous
Even five years ago, the concept of zero-trust security architecture was a reach for all but a handful of organizations. Today, even federal agencies, historically slow to embrace emerging technologies, are engaging in mandated zero-trust programs, and organizations across industries are rapidly moving from planning to implementation.
“In the past, you would build a moat. But then, if someone got in, they had free rein of the whole castle,” Bechtel says. “Zero trust flipped the script and said, ‘We’re going to lock every room, so even if someone gets in, they only have access to that one square meter.’”
Josh Hamit, CIO of Altra Federal Credit Union in Wisconsin and a member of the ISACA Emerging Trends Working Group, says that Altra has deployed a zero-trust platform from vendor Illumio, but he stresses that a zero-trust strategy is an entire set of solutions and practices, not just a single tool. “I don’t necessarily think that you can implement any one product and then say that you’ve got zero trust in place,” Hamit says. “In that way, it may be a bit of an overused phrase. You need to have layered security in your environment to really have zero trust.”
Altra’s zero-trust platform provides network segmentation, which is designed to stop attackers who penetrate an organization’s first layers of defense.
Altra also relies on tools such as Azure Active Directory Conditional Access and Microsoft Authenticator. The Conditional Access tool denies access to systems and data when it detects obviously suspicious behavior; for example, an employee’s account shows someone attempting to access a file from the U.S., then trying to gain access 10 minutes later from a foreign country. Authenticator, meanwhile, provides multifactor authentication.
“What’s important isn’t the name or the specific tools,” Hamit says. “What’s important is the principle: Never trust, always verify. Instead of assuming that the bad guys are out on the perimeter, you treat them as if they’ve made it inside your network, and then you put in the appropriate controls to stop them.”