• Steve Jones - SSC Editor (6/15/2016)


    TheFault (6/15/2016)


    Having worked at a company who are supposed 'industry experts' in data security, I can tell you it is no better behind closed doors at such places. PCI audits were laughable; weak auditors accepting straight yes or no answers with no explanations, or at best 'very carefully selected' evidence to suit whichever scenario as proof of controls and measures in place. The main problem as I saw it is the auditors have zero knowledge of the hardware/software they're auditing and in most cases aren't allowed to actually see any systems due to data protection wheeled out as an excuse...

    Completely agree. I'd like to see auditors' findings be more transparent, and certainly, insurance companies requiring better security.

    Unfortunately, I think the PCI group and members are happy to allow a certain level of fraud because their profits allow for it.

    When consumers lack trust in a corporation's ability or intent to keep their sensitive data private and secure, they become less likely to share it, and they'll even do things like providing fake data on a registration form when installing software or accessing a website's content. Ultimately it's not the sum total of data or data scientists that gives a corporation the IT competitive advantage, but rather how well they cultivate a sense of trust with consumers.

    For example, I trust Microsoft with my personal data more than I would Facebook or even Google. Microsoft is in the business of building great technology solutions and platforms that they market directly to clients and consumers, and I respect that. In contrast, Facebook and Google use technology as a tool for aggregating as much data as they possibly can, and their primary business model is selling personalized data to 3rd parties; so for them I have less trust and respect.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho