Mister Ockel, you counsel big companies and organizations in IT compliance. What do you see as the greatest challenge for your customers at the moment?
The It compliance became much more complex in the last 20 years. A steady flow of new national, eurooean and global regulations hits those responsible and these cascade the necessary provision through the whole organization.
Do german organizations fundamentally lack the digital competences at that?
The competences are as equally present as in other hotspots like the Silicon Valley, the Harvard/MIT region the chinese IT clusters or the smaller, but nethertheless likewise efficient Israeli companies. Several german academies steadily bring outstanding IT specialists and products to the market.
How come, that IT projects fail so often, then? Are german concerns not capable of software?
On the contrary, they are capable of it as well as the big organizations in other (mostly western) countries. But especially at software the dynamics increased, for instance by automatizations (likewise of office- and administrative processes) and networking. Conspicuously missing in Germany is a highly qualified education in complex software development. We need coding academies, which stick with the american or chinese touchstones. Developing an company-IT requires partially distinctly different competences as the programming of smartphone apps for end customers.
What is the problem with such IT systems?
IT systems are broadband networked and exchange high-frequency data of distinct sensibility. A classification of this data, the architectures and the communication paths does often not exist. Thus can not be reacted differentially to possible incidents. Moreover, the security in highly complex systems will eventually only exist statistically. For example: A commercial aircraft has for automatical bad weather landings, regulatory prescribed, three independend alitmeters. In case one malfunctions, the operating section decreases, but it does not result in major damages.
Are therefore security and stability more important to the companies than fast innovations?
The basic transactions have to function reliably. The proverb ”Never touch a running system” predominates. Innovations have to be developed nethertheless. Thus, one comes often up with the idea of differentiated infrastructures and processes, what is called the ”IT of two speeds”.
Now, the security of a Siemens and the innovation of a startup? How does this combine in the IT?
We’d be to slow, we’d always wait for the big ones. It requires the innovative pioneers to be fast. The market leader react often to this by acquiring these pioneers and onboarding them as catalysts. Thus, innovations get under the stable shield of big companies, which can also provide the capital for the broad market coverage.
Therefore, best to wait until a Siemens has a innovation in their program?
This has to be decided individually and the risks balanced against the chances. It is not as if all innovations promised by the big ones really function. The marketing does partially promise more than the technics could keep, see the media coverage about IBM Watson lately. On the other side, the big ones usually have a practiced validation of their products. This again, makes them so ponderous. Young companies compensate this with a fast support. As the person in charge, one usually talks here directly with the CEO or CTO, which is a demanding and motivating collaboration. In the agile development it’s already established, that products are being advanced steadily with the customers.
Sounds, like the need for safety and the urge for innovations are not compatible, when dealing with the real core processes? But doesn’t the greatest potential for innovation lay in here?
Yes, that is a problem. We need the celerity and flexibility of the smaller companies, therefore the startups, the specialists likewise the incubators and the special departments of the large concerns. Moreover, at our academies highly innovative ideas and technologies flourish, partially in obsurity, only waiting to reach wide dissemination by cooperation with practitioners of the industrie and society. An enchange, a financing and funding at this point, could take place far more extensive.
Do you know the secret recipe for this to work?
No, but it isn’t required either. The needs and premises are way to different for such a thing to exist. Important are a good and open communication from both sides and the buildup of trust. This can only happen by mutual activities and successes. Maybe, the conflict between great organizations and young companies is even overrated. At the end, there are always people resp. Experts working together, who get enthusiastic about their jobs. Firms cooperate at that only formally juristic. One, therefore, only needs to bring together the right minds and characters. Finally, only common sense cand help with such strategical decisions.
Since May 25, 2018, the new GDPR, applies mandatorily. How good were companies over here prepared for this?
The orientation of processes and control systems towards this new regulation still occupies plenty of companies and that to an considerable extent. The GDPR is way more extensive than the already existing policies, for example the Federal Data Protection Act. Especially the sanctions for not-compliance are, correspondent to dimension, Violations can cost a company up to 4 of the aggregate turnover. That is more than the annual result of many concerns.
What is the idea behind privacy by design and how do I consider this for new projects?
DThe idea is simple. At the development of a product is ensured, that via the product or system personal data cannot later be parallelly gathered or processed.
What is the difference between privacy by design and privacy by default?
When privacy by design leads to losses of comfort or a decreased user experience and hence flexible alternatives should be created in the data management, the standard setting is always the most data-sparingly option.
How can it be achieved in a production, that data is secure and immune to unauthorized access while being used productively at the same time?
This is a question proposed by many a the moment. Some act almost paranoid restrictive, others entirely naive. It lacks an unagitated routine, here. One mustn’t forget, that the topic data as a production factor and independent value is new to many and if the talk is then of data gold and mining, they may act irrational. A professional routine will find it’s way to this. One has to consider that digital data is copied very easily. It’s their great advantage, too.
Is cloud computing a good idea for production data then?
The use of clouds will increase, due to many reasons. Firstly, because it’s in fashion. Councils of big companies want to signalize that they are in fashion or at least not dropping behind. Such signals concrete then over different hierarchy levels to projects of respectable size. Seondly, one wants to create a balance between the own ressources (like data centers and -banks/memories) and a variable cost-risk-reducing contractor utilization. However, production data arises naturally in great amounts and has to be processed with high real-time-requirements. Here, the question of architecture is posed: Cloud versus central IT versus lokal IT (edge). The architecture heavily complies with the type of data.
Is there a difference between personal and mechanical data?
Personal data typically has high demands on the privacy, the function range and the reliability of processing. Mechanical data has to be processed timely, require often only minar software functionality, though. However, here also complex algorithms begin to find their way into e.g. adaptive resp. machine learning applications.
Will algorithms and digititalization measures replace humans in productions?
Yes, this will happend. Specifically high-automatized or (partial-) autonomous systems will displace human occupations to an considerable extent. On the other hand, even these systems have yet to be developed, produced and then constantly maintained. For this purpose additional human working power and creativity is required. How the result of occupations in average terms (10 t0 20 years) will look like, can’t be precisely predicted by any one. It wont take place without significant reorganization processes in the occupational and social sectors, tough. But within this horizont man will keep the authority.
The KI hype is therefore overrated currently?
In the long run, there will be a whole series of effects based on the application of KI systems (computers, but especially roboters, vehicles and mobile machines), which we can’t even imagine yet. KI will pose, if running freely, a great danger. A regulation is mandatory, the way I see it.
Do you recommend data science studies to your children?
I also recommend them to achieve a driver’s license. The qualified dealings with digital technology represent a basic skill. We can’t just handle our computers on a user level. The understanding has to go deeper, otherwise we stay uncritical and lapped by the machines. But when we ascertain in interviews of young people, that they assess the media-interfered communication as attractive as the personal contact, we can see, how subtle customization is.