For our premium content subscribers

Bill Bonney, Principal Consulting Analyst
Bill Bonney, Principal Consulting Analyst

Bill Bonney has more than 25 years of experience in Information Technology, Information Security and Privacy, Cybersecurity, Identity and Access Management, and Risk Management. His expertise ranges from risk analysis and security and technology program design to mastery of control frameworks and business process engineering.

show more

Bill has held senior management positions in Information Technology and Information Security, most recently as a Director of Information Security and Compliance at Intuit, Inc., a Fortune 500 provider of personal and small business financial products. Prior to Intuit, he was a Principal with Ensemble Consulting, where he provided interim CIO services to Silicon Valley clients, including Callidus Software and InVision Technologies. Prior to Ensemble, he was the Director of Global Information Technology for Unify Software.

Along with two co-authors, Bill published the “CISO Desk Reference Guide: a practical guide for CISOs” for recently hired or promoted CISOs and aspiring CISOs.

At TechVision Research, Bill is focusing on the following areas of specialty:

  • Organization Assessment & Transformation
  • Communication and Change Management
  • Talent Assessment, Planning and Development
  • Security Audit and Readiness
  • Security Due Diligence- M&A Support

show less

 

 

Expertise:

  • Identity and Access Management (IAM)
  • Internet of Things (IoT)
  • Information security organizational strategies
  • Governance, Risk and Compliance (GRC)

Workshops:

  • IoT and Risk

Recently Published Research

IoT Risk Amplifiers
If we look past the fear and hype of connecting autonomous and semi- autonomous devices together in the so-called “Internet of Things” or IoT, there is a sea change in how we empower the worker, enhance the workplace and go to market. The IoT is permanently changing business models in every industry and, as importantly, the Connected Worker is first a Connected Consumer who carries personal communication devices and a myriad of sensors with them at all times. The combination of enhanced tracking through RFID (radio frequency identification); monitoring through device-borne, embedded, and wearable sensors; and autonomous or remote control of adjustable mobile devices that are connected to, or share, an organization’s network is amplifying the current risks of existing IT systems and creating new risks that must be cataloged, ranked, and addressed. This is what we seek to understand and manage. In this report, we will leave the FUD (fear, uncertainty, and doubt) aside, ignore the hype, and look at the real risks facing the enterprise due to the exploding use of personal devices.

 

The Future of Identity Management
Identity Management is at the core of the secure IT infrastructure that every company, government agency and institute of higher education strives to achieve. It is one of the most fundamental building blocks in support of any level of communication, collaboration or commerce within an organization or across the Internet.

Despite the decades of investment and hard work, many organizations face greater identity management challenges today than they did 15 years ago. Today, many organizations struggle with a hodge-podge of silo’d, poorly or non-interoperable IAM functions that are impossible to govern properly and are hindering proper risk management.

This highly actionable report supports our clients as they develop five-year technology infrastructure plans. In this report we make specific projections as to where we believe Identity Management will be going over the next five years and we describe a model for identity abstraction that provides an extensible services oriented architecture.

To provide our clients with the most comprehensive view of Identity Management, we augment our own expertise with the insights of what we consider to be the top thought leaders and industry experts to deliver the most comprehensive perspective on the Future of Identity Management.

 

Internet of Things (IoT) Reality Check
At TechVision, we believe there is significant value in cutting through the hype surrounding the impact of connecting autonomous and semi-autonomous devices together in the Internet of Things (IoT). While much of the press coverage centers on the direct impact on humans (self-driving cars, automated appliances, etc.), the economic engine driving IoT are the billions of interactions we will never see. There will certainly be value derived from exposing every consumer to data-driven outcomes, but there will be significantly greater value created by putting every supply chain, production line, maintenance process, and support manager in touch with large pools of product-focused data that will cause an explosion in optimization within every industry to take place and then allow companies to both open new markets and develop new ways to deliver value to customers. In this report, we focus on the pure potential of IoT and how an enterprise may best leverage this potential.  More importantly, in this report we lay out the key challenges one must overcome before even attempting to leverage IoT.
TVR Crosstalk Report – Identity Management and Data
What are the connections between identity and data in the enterprise?  When one protects identity, they are really protecting data: data that is a representation of the identity.  Unfortunately, as discussed in this new CrossTalk report by TechVision Research most organizations don’t have data management and even when they do have data management, the identity data is usually left out of the discussion. At TechVision Research we continually see data mismanagement undermining all aspects of the business function.  As Noreen Kendle has experienced “data mess-up is equal opportunity across all types of data, including identity data.”  Noreen goes on to say “I’ve seen companies overwrite big text fields with identity-related information primarily because they don’t want to stop and enhance the database schema and structures:  this includes credit card numbers, social security numbers, etc.”   Obviously, this is a huge privacy issue because the fields are not identified as identity fields and the IT staff is oblivious to the situation. Bill Bonney speaks from experience building an IdM practice as he “agrees that overloading is an issue.”  But, as Bill likes to point out, “It’s not just overloading, it’s making assumptions about what is in a field and assumptions about how the field is evaluated and before you know it you have sub-processes built up around a falsely validated field.”  This establishes a false foundation that eventually causes the entire trust chain to break.   As Bill states, “inevitably, someone will use the data based on how it was first created (the field label of record).” This is a symptom of a far greater problem.  There is a huge assumption made by IT staff and the identity management tools they use that the data fields are accurately representing the data stored in the field.  This just isn’t so! Given this reality of identity and data mismanagement in the enterprise, this report focuses on the following key concerns:

 

  • The evolution of identity data as its own domain
  • The impact of silos on identity data management
  • The potential of virtual directories as an identity data management approach
  • The impact of data reuse on identity and the resulting authenticity decay
  • Identity data governance: is built on a foundation of quicksand

There are things organizations can be doing today to address these concerns.  Specifically, this report discusses a five-step program for identity data governance based upon the team’s experience working with data and identity in F1000 enterprise.

Upcoming Research

Unlocking the Value of IoT to the Enterprise
This report dives deeper into the critical success factors necessary to unlock the value of the IoT eco-systems that are developing in different market segments. For each market segment covered, TechVision Research examines in detail the transformational outcomes that IoT promises. To achieve these outcomes we outline the stages each enterprise must go through to both develop the capabilities necessary and provide real world guidance for assessing the available tools to help one achieve these outcomes. This report covers:

 

  • Defining IoT eco-systems TechVision Research sees developing for the enterprise based on market segmentation
  • Outlining the potential transformational benefits of IoT by market segment
  • Real world guidance to assess the emerging tools for enterprise IoT implementation, governance and risk mitigation

The Rise of Machine Learning in the Enterprise: Managing the Opportunities, Handling the Threats
Artificial Intelligence has gained massive traction over the last two-three years in the business world as well as through popular media. The expression covers a wide range of application areas and impacts at a multitude of levels. Today, with a few exceptions, the application of artificial intelligence for the enterprise translates to machine learning. Although covering a broad range of technical approaches itself, machine learning in general provides a great business opportunity to streamline and automate complex processes improving efficiency and operational costs. Not surprisingly, not everyone is as thrilled about the potential impact that ‘intelligent machines’ will have, with concerned managers and employees worried that they might eventually lose their jobs. Nevertheless, the appropriate application of machine learning is increasingly becoming a necessity for the management and analysis of big data and as a vital extension to cyber security measures such as fraud prevention. Knowing how, when and where to adopt a machine learning strategy over the coming two-three years will be key to the successful running of any organization, large or small.

 

In this report, we investigate this emerging trend, and what should be the next steps for TechVision Research clients.

 

This report covers:

  • The value proposition and business rationale for the enterprise associated with machine learning
  • Applications and uses, present and future, of machine learning
  • Six steps an enterprise should start to take to best leverage machine learning

 

 

© 2019 All Rights Reserved

We can help

If you want to find out more detail, we're happy to help. Just give us your business email so that we can start a conversation.

Thanks, we'll be in touch!

Stay in the know!

Keep informed of new speakers, topics, and activities as they are added. By registering now you are not making a firm commitment to attend.

Congrats! We'll be sending you updates on the progress of the conference.