Data protection in 2020, only the responsible will survive
The past decade saw a number of massive data breaches from well-known companies such as Target, Yahoo, and Equifax. In the coming years, companies will need to find better ways to protect their data and ensure customer privacy. This article dives into some of the adjustments that we can expect to see in the next few years.
Over the last decade, one thing has become clear – the massive amounts of data that are constantly generated and stored have grown faster than the security built to protect it. As organizations move to the cloud and adopt more modern approaches, such as IoT, it has become more difficult to control critical data. Add to that more sophisticated cyberattacks, and it has forced companies to think differently when it comes to the storage, use and protection of data. As companies figure out the best ways to protect their data, they must be aware of the fundamental changes in the way data protection currently works. Let’s take a look at some of the adjustments we will see in the next few years.
Companies will revolt against vendor lock-in
Industry consortiums are beginning to form around the question of “how do you securely share data beyond traditional at-rest encryption?” While the aims are noble, companies do not want to be locked into a vendor’s architecture.
Organizations typically need a combination of vendor solutions to establish the strongest security posture. We have already started to see companies move against lock-in when it comes to data storage with the rise of multi-cloud services. As cloud vendors have allowed for a company to pick what works best for them in any situation, security vendors will have to as well. Effective security requires being data agnostic and having open collaboration among all vendors in order to solve real-world customer problems.
The downside of customers moving to a multi-vendor approach is that while it is appealing to have options and promote redundancy to reduce business risk, the time, money and resource costs to diversify infrastructure with multiple providers can be overwhelming. However, using a single provider can put an enterprise at a greater risk for data loss, outages and performance fluctuations that affect user experiences and even impact revenue. It will take time and resources, but moving to a diversified solution will provide the best platform for a secure company.
The data protection service will become a security architecture standard
It is no secret that data has become a driving force like nothing we have ever seen before. Unfortunately, the large amount of data that is stored by companies has a target on its back. In the first half of 2019 alone, reports show more than 3,800 data breaches exposed over 4.1 billion records.
Data breaches continue to wreak havoc because traditional at-rest database security solutions do not protect data against modern-day attacks. To guard against external and internal threats, businesses must use data-centric protection methods that implement a ‘fail-safe’ approach instead of reacting to breaches.
This fail-safe approach does not just mean protecting stored data – it means adding layers of security that are ingrained in every part of a company. Take serverless computing as an example: serverless applications can be run anywhere, so the data must be protected at all times, not just when it is not in use. To combat the use of data anywhere, companies must include a centralized data protection platform in their security plans that can be implemented anywhere data is used, processed or stored.
With the continued reliance on more fluid and ephemeral services, more companies will implement a Data Protection Service to provide a common security architectural model to protect data, enforce access control and minimize data exfiltration.
In the 2010s we witnessed massive, high-impact data breaches and abuses of consumer trust (Facebook/Cambridge Analytica, Yahoo, Marriott, Equifax, Target). These events opened our eyes to the fact that organizations must develop new ways of protecting data and privacy. Over the next ten years, we will see a bifurcation between companies that protect user data and share it responsibly, and those that do not. Those that design their systems to share data responsibly will thrive and soar in value.