A Long Dark Tea-Time of The Soul
A lot has happened since my previous post and I indeed lived and breathed Enigma Bridge. While we kept focussing on a particular market segment, we decided to make our products easier to test by smaller companies – a new test/staging instance of Enigma Bridge service will be launched within days. We made good progress business-wise as well. But one thing I want to mention in particular is an ASIRTA tool – a baseline profiler for data governance.
I met one of the authors (The Common Framework) just before Christmas and the chat gave me a lot to think about. Whilst we have been introducing Enigma Bridge very much as a technology company, what it offers has a much wider reach and it is easy to turn it into a “Data Governance platform”.
A free version of the ASIRTA tool allows you to quickly define your particular interest (e.g., public / private company, financial / health / … focus). What you can see then is a list of obligations and what can happen if you can’t prove compliance and/or sufficient governance – including prison sentences and unlimited fines, and so on.
This made me realize, yet again, the disconnect between technology folks and boards of PLCs: the difficulty of explaining governance requirements in technical terms and vice versa. Somewhere in between must be people able to do this “translation”, and my feeling is that these are the most important people in any corporation. Their work is difficult for two reasons: lack of technical knowledge and weak imagination for technology use-cases. The failure to do this “translation” correctly will (or will not) lead to serious financial losses. The important part is that whether it happens is beyond the control of the PLCs.
It is possible to maintain an image of a well-governed company for a long time, even make external auditors happy, until someone with good technical skills (i.e., hackers) looks at the reality, the implementation of security, and figures out how to make money from exploiting vulnerabilities.
It is not an easy attack scenario, but once it is verified, its scalability can make any risk model obsolete within hours.