The role of data in corporate as well as consumer businesses is becoming more important by the day—and with it, comes the need to safeguard it. In a world that is running virtually for the most part, how do we ensure the security and privacy of our information? This article details the need for each, and the means by which we can approach them.
In 2018, research by DOMO showed that over 2.5 exabytes of data were created each day. To imagine how this number must have grown since then is an uphill task. However, it begs the question: what is the role of data on the corporate and consumer front in today’s world? As of January 2021, approximately 60 percent of the global population, a whopping 4.66 billion people, were active internet users. Of this number, 92.6 percent (around 432 billion people) used mobile devices to access the internet. India alone has approximately 560 million online users, a figure that has more than doubled over the course of the last decade alone.
As the creation and exchange of data rises rapidly, its security and privacy concerns and an increased need for privacy become crucial.
What is Data Security, and Why is It a Growing Concern?
While many traditional companies initially ensured data security by restricting access to sensitive information, the pandemic has thrown conventional practices off balance. With a majority of the population working from home, secure networks that allow data access have been left vulnerable owing to employees using personal internet and devices for official work.
It then comes as no surprise that the past year has seen unprecedented cyber-crimes, with several data breaches, ransomware attacks, and even sophisticated state-sponsored cyberattacks. In 2020, Marriott International, a multinational hotel chain, reported that hackers accessed 5.2 million records. The information included but was not limited to guests’ personal information sourced through employee login credentials at one of their franchise properties. Over the course of the year, as the world grappled with the effects of the pandemic, cybercriminals targeted COVID-19 vaccine research institutions. Several high-profile establishments, including one in India, were targeted. Hence, in a world that is running virtually for a significant part, data security becomes crucial.
Several trends are being observed to improve data security. We can broadly classify them into:
● AI in cybersecurity: Across 2020, cybercriminals breached a historic number of enterprise systems across industrial sectors in 2020. To counter this situation, security experts have deployed AI algorithms that identify potential threats and attacks, thus taking proactive measures with greater efficacy. With AI/ML, companies have also reduced responding time in the face of a threat, allowing them to engage in best security practices.
● Security-as-a-service(SECaaS): The shift away from on-premise data centers and applications had necessitated the urgent need for SECaaS model. In the face of new-age virtualization, the SECaaS model will embrace a modern approach to augmenting existing security architecture. I believe that today’s security requirements will be met with a more expansive governance approach so that the corporate world can safely continue to enjoy the benefits of a SECaaS environment while effectively mitigating risks.
● Zero-trust model: Verizon’s Data Breach Investigation Report in 2020 shows that the use of stolen credentials is the second most common threat type responsible for data breaches. With a majority of devices functioning remotely, we can no longer rely on device-based access management. Where do we turn now? I believe that the answer lies in zero-trust compliance. As its name suggests, the zero-trust model works by trusting no one, and user attributes for each endpoint are constantly monitored in real-time to call out suspicious activity. The process works by verifying user identity as opposed to confirming device identity. While it may sound a little paranoid, correct implementation eliminates the risk of data breaches almost entirely.
● Secure Access Service Edge (SASE): As our idea of normalcy undergoes a radical change, many organizations have been forced to move their resources to the cloud to allow employees to continue functioning smoothly even as they work remotely. In this scenario, the secure access service edge model fits perfectly. This term, introduced by Gartner in 2019, suits the needs of a distributed workforce. The model has user identity at its core, which it uses to secure communication. Furthermore, with the shift to this elastic and scalable model, we can do away with cumbersome hardware and the need to scale up manually. SASE is still continually being developed, and it has the potential to alter the face of workforce security.
Is Safe Data Actually Secure Data?
In other words, while your information might not be facing a security threat, there might still be concerns about its privacy. The fears around data privacy only increased with the news of the leakage of identifying data of over 553 million Facebook users. When a data breach occurs through a household brand like Facebook, how do we not fear the worst?
The loss of data privacy is now no more just an issue on the large-scale commercial front being caused by black hat players—it has corporate players interested as well. So if you feel that you are constantly watched, heard, and observed, and tracked through conversations, shopping patterns, Google searches, and the like, you are not alone. Look for a coffee maker online, and you will immediately be inundated by ads of different brands of the same, both on social media and other websites. I do not deny that it enables us to make an informed choice, but the targeted marketing comes at a cost—intrusion into private data. That being said, the matter of privacy cannot be taken lightly. So, how do we draw the line between targeted marketing and secure data?
● Stronger IoT privacy: IoT devices come in all shapes and sizes, with different computing powers. Hence, there is no “one size fits all” model for data privacy. However, it is necessary to ensure that security is an integral part of IoT product design. IoT devices require proper data minimization procedures to reduce private data collection, timely risk assessments to identify and monitor weak points, as well as a segmented network to record end-user activity and alert appropriate personnel in case of excessive data transfer or hacking and hijacking attempts. IoT devices must be built to protect data privacy throughout the lifecycle of a product.
● No more third-party cookies: Advertising networks have widely used third-party cookies to drive product sales. Such cookies are widely seen on Google Chrome, and they made up more than 56% of the web browser market towards the end of 2019. Regulations require consent for non-essential cookies. Nevertheless, they are yet to be implemented strictly. Plans are now in place to phase out the use of third-party cookies by 2022 to ensure data privacy. And while they might not be completely banned, I believe we can expect them to be leashed better.
…Laying the Road Ahead
With the fast-changing times and new developments, the end of the tunnel is not really visible here. And, what lies in the future of our corporate and personal information is anybody’s guess. The best way to enjoy a good night’s sleep is to ensure that the data is safe, secure, and indestructible.
The phrase ‘data is the new gold’ has been long realized by marketers, corporates, and malicious players in the world of possibilities. However, the gold that everybody wants a share of is not all man’s wealth. As current data collection processes begin to be revamped, organizations are on the lookout for alternate and safer data collection methods. For starters, organizations can consider leveraging email marketing data that requires the users to subscribe for newsletters and updates. Some organizations and foundations are even looking at the possibility of compensating people as corporations use their data. Alternatively, staying vigilant on social media can help brands understand their target demographics better and bring together actionable insights. This can be further supported by first-party data available through content management systems.
What do you feel about that? I would love to hear your thoughts on this and add more to how data privacy and security can be augmented and expedited for commercial and private users.