Thursday, January 8, 2015

Musing on Corporate Data and trust!

The report in WSJ today, "Puzzle Forms in Morgan Stanley Data Breach," made me reflect on corporate data. The article describes:
“Morgan Stanley fired one of its financial advisers after it accused him of stealing account data on about 350,000 clients and posting some of that information for sale online, in potentially the largest data theft at a wealth-management firm.”
Many of us in the corporate world realize the value of “data” and information, especially corporate data. Securing and protecting the data is an entire industry in itself, and incidents like the recent Sony hacking saga highlight how vulnerable corporations are when it comes to protecting data and information.

The Morgan Stanley incident was clearly a case of an insider with access to data either acting with malicious intent or erring big time:
“Robert Gottlieb, Mr. Marsh’s attorney, said his client had acknowledged obtaining the account information and confirmed that he was fired. But Mr. Gottlieb said Mr. Marsh didn’t post the data online, and wasn’t seeking to sell it.”
The article adds:
“Already, the episode is having ramifications within Morgan Stanley: On Tuesday, people familiar with the matter said the firm has tightened access to its client database so that individual advisers no longer have access to such wide swaths of account data.”
Employees and information workers need access to critical, sometimes sensitive corporate data to do their jobs. Although the jury is still out on whether Mr. Marsh acted with malicious intent, the incident raises a question that information security experts and business and technology leaders continually grapple with: in an age of big data, where access to information, including corporate data, is required to make information workers productive, how do we add the right level of checks and balances to avoid such incidents?
Preventing workers from misusing data goes beyond codifying policies. Additional security, access control restrictions, monitoring of data access, etc. come with additional cost, effort and overhead that may be justified for some data types – PII, Social Security numbers, etc. Additional requirements may also be dictated by industry or corporate requirements (account information of a financial institution’s customers, as in this example). However, additional restrictions may not be practical for all or “routine” information shared across a company.

At the end of the day, it comes down to a balancing act between:
  • Human intelligence: The ability to identify the odd rogue employee/contractor/third party who has access to your data and may be inclined to act with malicious intent and
  • Trust: The need to continue to trust those who legitimately need access to corporate data to do their job
Not easy to balance the two!


Sunday, January 4, 2015

Book review: "Family Life" by Akhil Sharma

I decided to read Akhil Sharma's Family Life after I came upon his essay in the Sunday NYT (essay: “The Trick of Life”). The book is semi-biographical and expands on Mr. Sharma's essay, so I was prepared for a sorrowful narrative of the Sharma family saga. In the NYT essay, Akhil highlights the crux of his story:

“When I was 10 and he was 14, my older brother, Anup, dived into a swimming pool, struck his head on its bottom and remained underwater for three minutes. When he was pulled out, he could no longer walk or talk, could no longer feed himself, could no longer even roll over in his sleep. Only a few months before, he was heading to the Bronx High School of Science.

My parents are deeply pious Hindus. We had been in America for two years when the accident occurred, in 1981. And of course when tragedy occurs, even nonimmigrants and nonpious people find themselves turning to their most atavistic selves. My parents took Anup out of the hospital and brought him to our house. For the next 28 years, until he died, they tried to fix him through faith healing. Strange men — not priests or gurus, but engineers, accountants, candy shop owners — would come to the house and perform bizarre rituals, claiming that God had visited them in a dream and told them of a magical cure that would fix Anup.”

These two paragraphs are perhaps a summary of the book “Family Life.” If this was it, would the book have become a NYT bestseller? To continue to engage readers through descriptions of tormented youth is a skill in itself, and in this respect Akhil does not disappoint.

Much of the book focuses on the travails and tribulations of the immigrant Sharma family, seen through the eyes of the protagonist, Akhil. He wallows in self-pity while taking us through the experiences of an Indian immigrant family in New York. Despite all odds, he does well academically and is accepted into Princeton. The rest – a well-paying job in investment banking, etc. – follows.

No doubt Akhil and family were dealt a lemon, but as the adage goes ‘We cannot change the cards we are dealt, just how we play the hand.’ It is admirable that Akhil turned his lemon into a story, a bestseller at that!

Bottom line: “Family Life” is neither a must-read nor everyone's cup of tea. However, it is a well-written, fast-paced read if you are in for it.

Note to self: If life gives you a lemon …. write a story about it. (My review on Amazon.com)