In recent years, technologists and business leaders have dubbed data “the new oil.” Why? Because both oil and data require their owners to refine them to unleash their true value. So how do you realize the vast potential of data while protecting it from threats?
On Episode 78 of the Tech Transforms podcast, we dove into these concepts with JR Williamson, senior vice president and chief information security officer (CISO) at Leidos. Formerly known as Science Applications International Corporation, Leidos seeks to address the world’s most vexing challenges in national security and health. The company also holds a wide range of civilian and Department of Defense contracts.
Is data the new oil?
During the podcast, Williamson explained that like oil, data can do little by itself. To fully optimize this immense asset in the interest of federal IT modernization, agencies must transform the following:
- Data into information
- Information into knowledge
- Knowledge into insights
Committing to this conversion puts these insights into the hands of leaders and influencers so they can make the best and most informed decisions, Williamson said.
Smart machines will rapidly accelerate the conversion, of course. But Williamson does not particularly like the term “artificial intelligence (AI).” Within the context of using AI in government, he prefers “augmented intelligence” to underscore the importance of an ongoing partnership between humans and machines.
“Getting insight in and of [artificial intelligence] is important,” Williamson said. “But combining that insight with the understanding of the problem we’re trying to solve is really where the competitive advantage comes into play.”
To safeguard it all, Williamson supports the development of enriched risk management in the form of what he calls “risktacity.” He defined this term as the elasticity of rigor based on risk.
“Look, I’m an engineer,” Williamson said. “Engineers… we make up words. The concept is simple: when risk is high, rigor should be high. But when risk is low, rigor should be low. Because rigor creates friction. And friction is a speed problem.”
Why we need to replace the term “zero trust”
During our conversation, Williamson reiterated an emphatic discussion point from the 2023 Billington Cybersecurity Summit: he dislikes the term “zero trust.” He explained: “If I have zero trust, I’m not sharing anything.”
Most agencies are well on their way to satisfying zero trust requirements from the current administration. However, in pursuing federal government cybersecurity mandates, they shouldn’t go to counterproductive extremes. “The goal is to have ‘earned trust’ and then manage that trust,” Williamson said.
This is where risktacity comes into play. If the information itself doesn’t carry high risk, then it isn’t necessary to enforce high trust factors among those requesting access. But if risk is high, then access is authorized only after those seeking it have earned the designated level of trust.
“At the end of the day, you don’t just provide ubiquitous access to things,” Williamson said. “You actually have to build access and earn the access based on who you are, where you are, what you're accessing from, and what information is appropriate and relevant for your mission and your role.”
This episode of Tech Transforms discusses how agencies can maximize the value of “the new oil” – data – while applying new concepts in associated risk management.
Tune in to the full episode for more insights from JR Williamson, senior vice president and CISO at Leidos.