Big data's influence on meeting regulatory compliance requirementsDate: Mar 28, 2013
Phil Shelley is certainly a busy man: He is chief technology officer (CTO) at Sears Holding Corp. in Hoffman Estates, Ill., where he leads IT operations and assists with the migration of workloads off mainframes, implements large-scale private open source cloud computing, and uses Hadoop for big data business intelligence. Shelley is also CEO of Sears Holdings subsidiary MetaScale, an IT managed service company that creates and operates Hadoop-based analytics solutions.
In this video shot at the recent Fusion 2013 CEO-CIO Symposium in Madison, Wis., Shelley sits down with SearchCompliance editor Wendy Schuchart to discuss how big data and the increased number of regulatory compliance requirements are influencing IT operations for the modern organization.
Hi. I'm Wendy Schuchart, site editor of SearchCIO and SearchCompliance. Today I'm talking with Phil Shelley, CTO of Sears Holdings Company. Today we're talking about issues of big data and regulatory compliance requirements, along with Hadoop.
Is there anything that a midmarket or a smaller company CIO can do to guard the compliance factors that they may have to deal with in more sensitive industries, for instance in health care or in finance?
Phil Shelley: Yes, I think the techniques I just explained with segregation, access control and the tools that limit access are the same tools, actually, because they're not expensive, as they mostly are open source. There's one or two that are purchased, but the techniques are the same whether you're big or small. The costs are not outrageous. So a midsized company can easily implement the same techniques as a large company.
More on big data and compliance
The compliance burden on information governance strategy
Maintaining the balance between data governance and compliance
Will cybersecurity legislation impact any of the innovations and adjustments that are made by the community to Hadoop? Do you see any vulnerability there?
I do. I think the acceptance of or the use of encryption, for instance, on Hadoop is pretty low today. People are using these layered approaches to security, which is the best practice in many systems. Encryption is definitely starting to gain more interest and traction. I think that's going to be important.
Does the increasing number of compliance regulations across virtually every industry make it too difficult on businesses to be successful?
It makes it more complex, that's for sure. Not impossible though. You just have to work around those compliance requirements and deal with it. It's going to happen, so we just deal with it. It's just another change in IT.