What’s coming in 2018: Digital privacy and security predictions
© Shutterstock / deepadesigns
Organizations in 2018 will have greater capabilities to decentralize information need, through both blockchain- and non-blockchain-based solutions. In this article, Joe Stuntz, Vice President of Cybersecurity at One World Identity (OWI) gives his digital privacy and security predictions.
Data breaches and accompanying public frustration have become increasingly common in recent years, but 2017 was truly a banner year for mismanagement in cybersecurity. Yet, after a week or two of outcry and outrage, it seems things kept going back to business as usual. Congress escalated their interest in the digital privacy, but mostly in a shaming capacity. As companies move into 2018, the hope is that a desire to avoid the bad publicity and reputational damage associated with a breach, combined with regulatory pressure from the EU, will mean more real action to protect privacy.
From the regulatory side, privacy improvements will be driven in large part by adoption and the move towards adoption of General Data Protection Regulation (GDPR) in the EU. At a high level, GDPR means that people now have the ability to request their data be deleted, and explicit consent is required to collect and process many types of data. Organizations must also designate data protection officers, and notify authorities within 72 hours of a breach. If they don’t, violators will pay hefty fines. These changes alone will not solve the numerous problems in digital privacy, as there are many questions regarding the capacity for enforcement. The language of the regulation is also a matter of debate, using terms like “appropriate” and “reasonable,” which are unlikely to lead to enforceable improvements on privacy.
In terms of technology, organizations in 2018 will have greater capabilities to decentralize information need, through both blockchain- and non-blockchain-based solutions. There will also be better data management tools, reducing the need to collect and store some information entirely. We also believe that tools that have traditionally been point solutions — like insider threat tools — are generating data that can be used more broadly throughout an organization to enhance trust and safety in the organization.
These can also give people confidence that their data is being protected appropriately. In addition, as organizations continue to move to zero-trust networks and reduce reliance on perimeter-based models, the identity of an individual becomes the new perimeter. For this to be effective, privacy is critical. With access no longer being based on being inside the perimeter or outside of it, the individual identity will drive access and if organizations are not protecting that identity, their security will fail.
There is a considerable amount of momentum going into 2018 focused on improving privacy, especially on the regulatory and technology sides. But there remains a great deal of room for improvement in the storytelling related to the value of privacy. Organizations will more fully protect privacy when they truly see the value of being secure. To help ensure this, customers and other stakeholders must make sure this message is clear, and walk away from organizations that do not hold up their end of the deal.