At this month’s SDx Symposium, we will hear from a variety of thought leaders on the virtues and practicalities of creating a world where complex applications and solutions can be created from smart software components, potentially disrupting the market for the current generation of enterprise applications.
My belief is that it is essential to the success of this evolving paradigm that privacy constructs be designed and engineered into each component, protocol and solution in this framework.
To set the tone for my column this month, and my presentation at SDx Symposium on this same subject, I wanted to put some things into proper perspective.
Privacy is not information security; nor is it identity and access management, anonymisation or data masking. It is a state of mind for most consumers. It reflects adherence to policies, laws and regulations, and is a central component of a trusted relationship between consumers and those in commerce and government with whom they interact at the transactional and analytics levels.
In the current state of enterprise applications, privacy and technology have yet to interact in a meaningful way in support of the needs of consumers and their inherent desire for meaningful trust.
There is hope for the future, however, using the notion of the ‘software-defined anything’ (SDx) paradigm.
In principle, SDx will allow developers, enterprise architects and solutions providers to deploy a common infrastructure that spans the entire enterprise and delivers applications as a service.
It will facilitate the use of common security and privacy models that are consistent and measurable no matter where the fabric is deployed (including the cloud). This is a quantum leap for the business and its customers.
To support this approach, the OASIS organisation has been at the forefront of advocating the use of privacy-by-design methodology for software development for some time now.
OASIS has created a very detailed approach based on seven basic constructs: proactive not reactive; privacy as the default setting; privacy embedded into design; full functionality; end-to-end security; visibility and transparency; and respect for user privacy.
In parallel with this is a new US privacy initiative, as part of the National Institute of Standards and Technology (NIST)’s new Cyber Security Framework, focused on creating a privacy engineering framework.
Unfortunately, there is still no appreciation as to what privacy is within either the technical community or those who use big data and analytics to deepen consumer insights.
This must end if we are ever going to succeed in our pursuit of a software-defined data centre (SDDC).
It is going to be an interesting journey over the next 24 months as all of these interests and requirements collide to create a common privacy framework for big data, analytics and software-defined applications.
I hope to see many of you at the SDx Symposium, where I will explore all of this in deeper detail.
Foggy definitions
I find it astounding that privacy advocates and scholars, and the technology community, are so far apart on the notion, much less definition, of privacy. What is long established in law is woefully inadequate in practice, and the consumer has not yet found a real voice in this conversation. The first order of business for everyone is to define privacy in the context of the 21st century consumer and move forward from there.