The dark data industry is rapidly growing, and cyber crimes will only increase in the future. Dark data is generally the data collected as part of compliance but is not effectively used as part of business strategy or marketing. Thus, this type of additional but excessive data that is not protected by the core data and privacy security policy of the organization can become a target for threat actors. Today’s evolving technologies generate millions of volumes of unstructured data and make it available to the public on the internet. For the banking industry, trade and treasury workloads are hosted on the cloud, and hackers find increasing opportunities to target customer accounts and salvage sensitive information.
Guncha Malik is a professional executive security architect, CISSP, and CCSP, and the co-chair of responsible computing. She is a Qiskit Advocate and has over 20+ years of experience in the IT industry. Guncha’s deep expertise in AI ethics, quantum computing, and active work in spreading cyber awareness in this digitally connected world makes her a top influencer and role model in cybersecurity.
In this interview, she shares engaging insights on open-source computing, cybersecurity, and how she balances her personal, family, and work life, so let’s dive in.
What are your thoughts on the dark data industry and its landscape?
This is another industry yet to be unleashed. There is an increased awareness amongst industry members of dark data. More and more studies and articles are being published on dark data and the best practices and measures that enterprises can implement to reduce the impact of dark data and put it to good use for their business growth. In 2020, Veritas Technologies published a study that “an estimated 6.4m tons of CO2 will be unnecessarily pumped into the atmosphere as a result of powering storage of [dark data]” (Veritas, 2020). Still, a lot needs to be done to show the impacts of dark data on global emissions and the benefits if utilized well, i.e., return of investment (ROI) vs. the cost of inaction (COI).
While ROI is lucrative for businesses, the additional benefits of reducing their carbon footprint will enable these enterprises to strengthen their brand value and commitment to environmental, social, and economic sustainability.
Dark data is a challenge being faced by all industries. All industries are required to protect the personal data of their customers, some more than others, with some regional regulatory requirements imposing hefty fines if this data is misused or mismanaged. Collecting and endlessly storing dark data without required protections generates unknown risks for organizations.
Responsible ComputingTM, managed by Object Management Group (OMG), is a membership consortium that is taking some exciting steps in creating this awareness and enabling industry members to work towards their sustainability goals by taking action across six domains, with data usage being one of them. We recently published a white paper on Dark Data: Origins, Impact, And Transformation to create this awareness.
How do you practice responsible computing and promote its awareness?
Responsible ComputingTM was formed in 2021, under the management of the Object Management Group (OMG), with IBM and Dell being its founding members. We have a passionate team of volunteers leading the activities across the six domains and have already started publishing white papers and delivering webinars to create this awareness amongst the industry members. A self-assessment tool has already been published that can be utilized by the member organizations to understand their current postures. It will help them start on their responsible computing journey.
We have a lineup for other activities planned for the remainder of the year to showcase the benefits of implementing some of these use cases.
What was your time at IBM like, and how did those 13 years shape you professionally?
These 13 years have been quite transforming for me, personally and professionally. IBM has allowed me to explore my interests and steer my career in the direction that interests me. I have been saying this to all my mentees: for the last 13 years, I have been waiting to receive directions from my manager. Instead, I have been suggesting what needs to be done and have only received support from my leadership to take steps in that direction.
On the personal front, I have become more patient and have learned that achieving goals may take a while, but what we achieve in the end is worth waiting for.
On the professional front, I have transformed my career from being a QA Manager to becoming a security architect purely based on my willingness to learn and lean forward to take practical steps for the organization. My leadership has always encouraged ideas and proposals that benefit the organization and promotes employees’ willingness to work in open-source communities and projects. With regard to my efforts in educating children and teachers on “safe and secure online” as part of iamcybersafe.org, I was actively engaged in imparting this awareness amongst the rural students across India as part of the STEM for Girls initiative by IBM India CSR.
Apart from transforming my career into the information security domain, I have dedicated my efforts to the open-source Qiskit community and reached out to university students to get them started on their journey in the Quantum Computing domain. Responsible Computing is another community with which I have been heavily engaged, and I am excited to see how we can transform the industry in that space.
What recommendations would you make to companies that do not have a security policy?
Having a security policy in place is one thing, while following it is another. Challenges related to security policy are more so with micro, small, and medium enterprises (MSMEs). They need the capacity or the resources to invest in creating and implementing a security policy.
With the digital transformation that the industries are going through, the MSMEs must assess their risks and associated impacts and design a security policy that is more attuned to their business landscape and reduces their business risks to an acceptable level.
Trade associations like the Confederation of Indian Industry (CII) and its regional units conduct seminars from time to time to bring this awareness to the MSMEs. These are good opportunities for these businesses to learn and explore the critical steps for sustaining their business as disruptive technologies continue to emerge.
Outside of work, how do you spend time with your family, and how do you recharge yourself?
Unsurprisingly, my initial years had been more focused on my family. It was fun to design clothes for their fancy dress for birthday parties and be asked by teachers and parents if I was a fashion designer! Over the years, these activities re-invigorated the artist in me, and I created my first large painting last year. It is still hanging in my living room and is appreciated by anyone who sees it. So, I am excited and have other artifacts lined up for my next art!
Can you share a personal failure you’ve experienced and how you overcame it?
That is a good question, indeed. What does one think of when it comes to a career? Getting a position – that’s how people think about career growth. And I am no different. Having spent many years aspiring for positions, I have realized that career growth is not about getting a position or a title. When you expand your horizon and focus on your interests, opportunities land on your plate, and you truly realize that this is what career growth is. Probably it is the journey that leads to this realization. The first step to making any change is to realize the “need” for the change. And this realization can come in different forms. When this realization dawned upon me, I knew I had to break all the barriers and prove to myself that I am capable of much more than what others think. Since then, I have just focused on my eagerness to know about things and my interest in learning. I have stopped worrying about positions but am looking for work that interests me. I aspire to be relevant and make a difference, even in the smallest capacity I can. I hope that this is what others see in me as well.
What are your thoughts on open-source cybersecurity software and hacking?
These are exciting times, with many open-source communities coming together to solve challenges faced by most organizations. Cybersecurity space is not left behind. Organizations of any size can use these open-source tools to identify vulnerabilities and assess their security postures. These open-source tools give an organization the advantage of building on top of others’ contributions and consuming software that has been vetted by many. Of course, there needs to be some analysis done on the amount of trust that can be placed in that open-source software based on how active the community is and understanding the background of the contributors.
Learning from the recent high-profile supply chain attacks, it is imperative for organizations to frequently review their open-source supply chain inventory and monitor vulnerability databases, and apply recommended fixes and mitigations for vulnerabilities identified in these packages.
Can you describe your experience interacting with members of the Quantum Computing and Artificial Intelligence Club recently?
It is always interesting to interact with the students from the universities. The newer generations know much more than we used to when we were at that age. They are eager to learn and are clear on their interests and goals. Without a doubt, digitization and easy access to the internet has a role to play in this, and we know these are also the reasons for disorientation and loss of focus. So, I appreciate it when I see these budding leaders coming together to form clubs that give a platform for many others to collaborate and learn new technologies.
One doesn’t know what current actions could lead to in the future or how they may transpire into an area of interest that one would like to explore further or pursue as a long-term interest.
About the Author
Executive Security Architect,
Guncha Malik is an Executive Security Architect, CISSP, CSSP, and the co-chair of responsible computing. She is a strong Qiskit Advocate and a genius when it comes to people management, women leadership, risk analysis, process improvement, and business development. Her skills in security compliance, project planning, test tracking, and data management put her in a top position in the cybersecurity industry. Guncha also has 23+ years of experience in IT, and she is passionate about topics like AI ethics, quantum computing, and optimizing security in today’s continually connecting world.
As technology makes massive strides, organizations need to do their best to keep up and improve their cybersecurity postures. Hackers will continue exploiting vulnerabilities and target customers without stopping ongoing threats. Dark data is unstructured by nature but holds much potential when it comes to jeopardizing the reputation of organizations due to the sensitive information it holds. However, with the proper measures, companies can protect it better and ensure it doesn’t fall into the wrong hands.
Veritas. (2020, April 21). Media Alert: Veritas Technologies Projects Dark Data to Waste Up to 6.4m Tons of Carbon Dioxide this Year [News Release]. https://www.veritas.com/news-releases/2020-04-21-veritas-technologies-projects-dark-data-to-waste-up-to-6-4-m-tons-of-carbon-dioxide-this-yea