What lies ahead in business and technology? To find out, ForwardView posed five forward-looking questions to Peter H. Gregory, a veteran risk management and IT expert. The author of 20 books on security and technology, Gregory also works as a security and risk manager in a U.S.-based financial services management organization. You can hear more from Peter in our podcast deep dive into risk management.

ForwardView: How does social media affect your work—and how do you see social media changing the way people work?

Peter H. Gregory: I just read a statistic today that suggested that many people spend as much as four hours a day on MySpace, or Facebook or LinkedIn. Now, that's a lot of time. So corporations, for the most part, are going to see social media and social networking like e-mail on steroids, in that it's something that siphons time away from the tasks that they want their employees to be working on.

But there's a different perspective as well. Recruiters, for instance, can make good use of social media by searching for employment candidates' profiles at popular social media sites. Security analysts and investigators can use social networking to gather additional intelligence. People are publishing their ongoing biographies to the world, and employers—like anyone else—have a right to look at this information and make risk decisions, based on what they see. Organizations that do periodic background checks for people in high-risk positions. Things like credit reports and recent criminal history. It could also include looking at what employees are saying on social networking sites. Now, some people might take these perspectives as saying, well, this is a Big Brother invasion of privacy, but I disagree. When people post information to social networking sites, it's no longer private.

ForwardView: How much collaboration is involved in your work—and how do you collaborate?

Gregory: In the context of corporate risk management, collaboration is key. A data security officer is an agent of change in an organization—and as a change agent, I can be effective only when I work with others in an organization to understand their business processes and introduce the changes that I think are needed in their processes to reduce risk. Most data security officers in companies cannot really mandate changes, but instead they have to sell them, and that requires collaboration.

One misperception I often hear about security professionals is that they put roadblocks in front of projects, and that if there is a risk associated with some activity, then that activity must be stopped immediately. And really, security is not really about stopping processes. Rather, security is about understanding business processes, understanding the economics of a business activity, and then understanding risks in the context of these processes and economics.

ForwardView: What technology do you think will make the biggest business impact in the next two years—and why?

Gregory: I think that the biggest business impact is going to be realized in server and desktop virtualization. These technologies that have been around for a long time have seen some really great improvements in the last few years, and businesses are better understanding how they can be used. Traditionally, different kinds of software—like database management systems, Web servers, application servers—needed to be placed on physically separate machines. That meant there were a lot of systems to purchase and manage, and a lot more space taken up in data centers. But with virtualization, these different, separate systems can be virtualized, saving space and saving capital.

Virtualization is not new—it's been around for years—but I believe that many organizations are now beginning to really breathe it in deeply. It's positively impacting their bottom line and gentler on the environment as well, through the use of fewer materials and energy.

ForwardView: Which social issues do you believe can be solved with technology? What will really make our world a smarter planet?

Gregory: There are many kinds of interpersonal communications that can be solved with technology. We have seen the evolution of Internet-based communications, starting with e-mail, followed by newsgroups, better e-mail, instant messaging, chat rooms, online forums, and now social networking. And these capabilities are now available, not just on our desktop and laptop computers, but also on our smart phones. Improvements are still needed, but these different technologies we've seen over the last 20 years are evidence that we're learning and improving the ways that we communicate with others—whether it's with healthcare providers or banks.

ForwardView: What's the best piece of professional advice you ever received?

Gregory: Well, my first boss and mentor, Ralph Pratt, taught me in two short but career-changing sessions, how to explain difficult-to-understand concepts to nontechnical people. Through some simple role playing, he really helped me understand how to use analogies. And so my analogies might range from things like an automobile, or a hand calculator, a door on the front of someone's house with a lock in it—something that brings a similar context to life so people can quickly understand what’s going inside an information system or a security control.