News and Updates

Related Articles

Unseen Layers: A Personal Take on Data and IT Practice

– by Alex DiMarco – Manager, Technical Services

I’m a bit of a data nerd. The idea of data fascinates me, not just as information stored for later use but as a complex, ever-present force that shapes our lives. We shed data constantly, like flakes of skin, leaving fragments everywhere—often unnoticed and unconsidered. Having worked in Information Technology for a long time, I view data differently than most. My experiences have shaped my understanding, values, and approach to technology.

The Shift in Data Value

The monumental shift in data’s value became clear to me with the rise of Google. Larry Page and Sergey Brin, while at Stanford, saw potential in the linking structure of the internet and large-scale data mining. Their insight turned scattered “flakes of data” into a goldmine, not just for analysis but for business. This moment triggered a wave of entrepreneurial energy in the U.S., turning personal data into revenue streams.

I saw this firsthand while supporting the Computer Science Innovation Lab. Startups were eager to attract “virtual seats”—users for their apps—to secure capital investment. Their strategy was simple: offer a valuable service for free (or mostly free) and monetize the data users provided. The data itself became the product, and the goal was to make it as marketable as possible.

The Business Model and Its Ethical Implications

This model has become a cornerstone of modern business. Traditional enterprises now look to supplement their services with big data analytics, often without much concern for personal ownership, control, or ethical considerations. The risk of manipulation and misuse is real, and the effects can be far-reaching.

The rise of AI has only compounded these risks. We are facing a perfect storm where social, economic, political, and informational abuses can destabilize societies. We are already seeing the consequences play out on the global stage. Yet, big data itself is not the problem.

Data has enriched our lives, especially in academic research, which has established ethical systems to protect people. Unfortunately, this level of ethical rigor is still lacking in much of the business world. However, government efforts—especially in Europe—are growing to regulate and protect personal data.

The Role of IT in Data Stewardship

Over the years, I’ve seen how IT professionals sit at the center of these data struggles. We work to create best practices and safeguard data through well-designed systems and processes. Yet, in the battle over data ownership and access, IT professionals have become unwitting pawns.

When I started in IT, the data was local. We built systems to manage, collect, secure, and store it, ensuring it was accessible, private, and well-protected. As data moved from physical cabinets to digital spaces, IT became the key managers and gatekeepers. We enabled work to happen, often behind the scenes, and took the blame when things went wrong.

As companies recognized the value of personal data, the move to the cloud became a key focus for advancing additional revenue streams. Local IT systems were increasingly viewed as the problem—unreliable, prone to failure, and not to be trusted. The solution became “big black box systems,” which were touted as the answer to data security and efficiency. Yet, behind the glossy surface, data farming happened discreetly, often buried in “small print” agreements that users rarely read. This shift sidelined local IT control, distancing professionals from direct stewardship and raising ethical concerns about how data was being collected and utilized.

Big systems, however, are not the problem. They have their place and bring real benefits—from supporting global scalability to enabling remote access and facilitating disaster recovery. These systems can offer centralized management and streamlined operations for large enterprises. But the primary driver for the shift to cloud solutions was not security or competence; it was revenue. Ironically, behind the scenes, servers and systems remained largely the same, managed by IT professionals in data centers with the same levels of access and control as local teams. The only difference was that they were no longer your local IT. Control became more distant, and trust was transferred to faceless entities managing these solutions, shifting the landscape of data stewardship while masking revenue-driven motives.

Instead of ensuring local IT was vetted and accountable, organizations leaned on certifications and contractual assurances to provide comfort that data was safe. Standards such as SOC 2, ISO 27001, PCI DSS, and HIPAA compliance became the benchmarks for trust. Legal data agreements and service-level contracts replaced the personal accountability once upheld by knowledgeable local IT teams. While these frameworks offered a sense of security, they also created a layer of abstraction, where assurances on paper did not always translate into practical, transparent stewardship. The personal relationship with IT was replaced by legalese and audit reports, further distancing decision-makers from the realities of data management, often with significantly greater costs.

Local IT was further criticized for failing to meet the standards and tests imposed by large business interests, which eroded trust even more. However, this shift also introduced hidden security risks. Questions about where data was stored, who truly had access, and the potential for a broader attack surface were often overshadowed by glossy compliance reports. Large data centers, while efficient, introduced vulnerabilities such as centralized attack points, risks of insider threats, and complex infrastructures that were challenging to audit thoroughly. The abstract nature of cloud systems meant that companies often did not know the exact location of their data or the chain of custody, leaving room for potential exploitation or mismanagement. The complexity and scale that were once touted as benefits also became liabilities, hidden under layers of abstraction. IT teams expanded internally deploying and assisting end users with little control and access, while services expanded externally to handle all the additional layers to ensure revenue streams continued.

Cloud storage, despite its benefits, suffers from significant security challenges. Common issues include misconfigured storage leading to data leaks, an increase in attack surfaces, and the difficulties of tracking access rights across vast systems. Recent statistics (https://www.stationx.net/cloud-security-statistics/) highlight how frequent and costly these breaches can be, with a sizable portion stemming from human error and inadequate security protocols. While local data centers also have vulnerabilities, they provide advantages such as clearer oversight, tighter access control, and more immediate accountability. Both approaches have validity, but success in either requires strategic investment, diligent oversight, and thorough research. Solving data security challenges is not about choosing one path over another but embracing a collaborative, needs-focused approach where diverse solutions are explored and implemented based on context and risk profile. This also requires a conscious awareness of biases towards solutions or familiar directions, ensuring decisions are based on objective analysis rather than convenience or convention. IT management decisions must be informed by deep domain knowledge to truly assess risks, implications, and the long-term impact on data stewardship.

Moving Forward

Understanding the evolving landscape of data is essential. Ethical stewardship should be a priority, not an afterthought. As information professionals, we do not just manage systems and data but advocate for responsible data practices. We must recognize the broader implications of our work and push for practices that protect personal integrity while enabling innovation. In a world where data is currency, we are the caretakers, and the responsibility to handle it with care has never been greater.