Bill Bonney, Principal Consulting Analyst
Bill Bonney has more than 25 years of experience in Information Technology, Information Security and Privacy, Cybersecurity, Identity and Access Management, and Risk Management. His expertise ranges from risk analysis and security and technology program design to mastery of control frameworks and business process engineering.
Bill has held senior management positions in Information Technology and Information Security, most recently as a Director of Information Security and Compliance at Intuit, Inc., a Fortune 500 provider of personal and small business financial products. Prior to Intuit, he was a Principal with Ensemble Consulting, where he provided interim CIO services to Silicon Valley clients, including Callidus Software and InVision Technologies. Prior to Ensemble, he was the Director of Global Information Technology for Unify Software.
Along with two co-authors, Bill published the “CISO Desk Reference Guide: a practical guide for CISOs” for recently hired or promoted CISOs and aspiring CISOs.
At TechVision Research, Bill is focusing on the following areas of specialty:
- Organization Assessment & Transformation
- Communication and Change Management
- Talent Assessment, Planning and Development
- Security Audit and Readiness
- Security Due Diligence- M&A Support
- Identity and Access Management (IAM)
- Internet of Things (IoT)
- Information security organizational strategies
- Governance, Risk and Compliance (GRC)
- IoT and Risk
Recently Published Research
IoT Risk Amplifiers
The Future of Identity Management
Despite the decades of investment and hard work, many organizations face greater identity management challenges today than they did 15 years ago. Today, many organizations struggle with a hodge-podge of silo’d, poorly or non-interoperable IAM functions that are impossible to govern properly and are hindering proper risk management.
This highly actionable report supports our clients as they develop five-year technology infrastructure plans. In this report we make specific projections as to where we believe Identity Management will be going over the next five years and we describe a model for identity abstraction that provides an extensible services oriented architecture.
To provide our clients with the most comprehensive view of Identity Management, we augment our own expertise with the insights of what we consider to be the top thought leaders and industry experts to deliver the most comprehensive perspective on the Future of Identity Management.
Internet of Things (IoT) Reality Check
TVR Crosstalk Report – Identity Management and Data
What are the connections between identity and data in the enterprise? When one protects identity, they are really protecting data: data that is a representation of the identity. Unfortunately, as discussed in this new CrossTalk report by TechVision Research most organizations don’t have data management and even when they do have data management, the identity data is usually left out of the discussion. At TechVision Research we continually see data mismanagement undermining all aspects of the business function. As Noreen Kendle has experienced “data mess-up is equal opportunity across all types of data, including identity data.” Noreen goes on to say “I’ve seen companies overwrite big text fields with identity-related information primarily because they don’t want to stop and enhance the database schema and structures: this includes credit card numbers, social security numbers, etc.” Obviously, this is a huge privacy issue because the fields are not identified as identity fields and the IT staff is oblivious to the situation. Bill Bonney speaks from experience building an IdM practice as he “agrees that overloading is an issue.” But, as Bill likes to point out, “It’s not just overloading, it’s making assumptions about what is in a field and assumptions about how the field is evaluated and before you know it you have sub-processes built up around a falsely validated field.” This establishes a false foundation that eventually causes the entire trust chain to break. As Bill states, “inevitably, someone will use the data based on how it was first created (the field label of record).” This is a symptom of a far greater problem. There is a huge assumption made by IT staff and the identity management tools they use that the data fields are accurately representing the data stored in the field. This just isn’t so! Given this reality of identity and data mismanagement in the enterprise, this report focuses on the following key concerns:
- The evolution of identity data as its own domain
- The impact of silos on identity data management
- The potential of virtual directories as an identity data management approach
- The impact of data reuse on identity and the resulting authenticity decay
- Identity data governance: is built on a foundation of quicksand
There are things organizations can be doing today to address these concerns. Specifically, this report discusses a five-step program for identity data governance based upon the team’s experience working with data and identity in F1000 enterprise.
Unlocking the Value of IoT to the Enterprise
This report dives deeper into the critical success factors necessary to unlock the value of the IoT eco-systems that are developing in different market segments. For each market segment covered, TechVision Research examines in detail the transformational outcomes that IoT promises. To achieve these outcomes we outline the stages each enterprise must go through to both develop the capabilities necessary and provide real world guidance for assessing the available tools to help one achieve these outcomes. This report covers:
- Defining IoT eco-systems TechVision Research sees developing for the enterprise based on market segmentation
- Outlining the potential transformational benefits of IoT by market segment
- Real world guidance to assess the emerging tools for enterprise IoT implementation, governance and risk mitigation
The Rise of Machine Learning in the Enterprise: Managing the Opportunities, Handling the Threats
Artificial Intelligence has gained massive traction over the last two-three years in the business world as well as through popular media. The expression covers a wide range of application areas and impacts at a multitude of levels. Today, with a few exceptions, the application of artificial intelligence for the enterprise translates to machine learning. Although covering a broad range of technical approaches itself, machine learning in general provides a great business opportunity to streamline and automate complex processes improving efficiency and operational costs. Not surprisingly, not everyone is as thrilled about the potential impact that ‘intelligent machines’ will have, with concerned managers and employees worried that they might eventually lose their jobs. Nevertheless, the appropriate application of machine learning is increasingly becoming a necessity for the management and analysis of big data and as a vital extension to cyber security measures such as fraud prevention. Knowing how, when and where to adopt a machine learning strategy over the coming two-three years will be key to the successful running of any organization, large or small.
In this report, we investigate this emerging trend, and what should be the next steps for TechVision Research clients.
This report covers:
- The value proposition and business rationale for the enterprise associated with machine learning
- Applications and uses, present and future, of machine learning
- Six steps an enterprise should start to take to best leverage machine learning