Tags :cyberattacksdata protectionGDPRsupply-chain issues
In today’s hyper-connected world, every single digital activity generates data. As IDC describes, the amount of digital data created over the next five years will be greater than twice the amount of data created since the advent of digital storage. In such an environment, it is more important than ever for businesses to protect their data from damage, destruction, or attack. It won’t be an exaggeration to say that the viability of every business now depends on constant access to its critical systems and data.
At the same time, managing and protecting business data is no easy task. Businesses must constantly monitor the changing data landscape and be alert to new tools and challenges. They must be aware of the ever-evolving privacy regulations and security threats, which may appear from anywhere around the globe.
In the space of data protection, what does 2022 herald? Here are four emerging trends that will shape the way companies approach data protection and management in the year ahead.
1. Protection of an ever-increasing attack surface will gain importance
The attack surface includes all the possible ways an attacker can get into your company’s devices and networks and lock up or exfiltrate your data. So, it’s essential to keep the attack surface to a minimum. The problem is that the attack surface is continually growing as more people work remotely on multiple devices and create more entry points for cyber criminals to carry out cyber-attacks. Worse still, the attack surface is constantly changing. It isn’t a single surface but many disparate fragments. Furthermore, control of endpoints is becoming increasingly complex as employees leave organizations and retrieval of equipment becomes harder.
The bottom line is that breaches will inevitably happen. And in the coming year, companies will have to do a better job of recognizing breaches so they can extricate themselves as quickly as possible. Security and recovery strategies must be more thorough. As the attack surface expands, those strategies must cover not only the on-premises data but data in the cloud, at the edge, and everywhere in between.
2. Data sovereignty will add more complexity into data management
As companies have grown globally and become more interconnected, the rules around data privacy have become far more complicated. For example, a company based in India may use a US-based company like Amazon or Google to store and send data. The question is, where does that Indian company’s data legally reside, and by what rules is it governed?
The answers to these questions are complex and unclear. Every country has its own rules and regulations with regards to data transfer and storage. India, for instance, has defined rules in certain sectors, while in others it is still work in progress. In the insurance sector, the Insurance Regulatory and Development Authority of India has defined that all original insurance policyholder records should be maintained in India. In the public contracting realm, 2017 Guidelines for Government Departments on Contractual Terms Related to Cloud Services required all government departments to include localisation provisions in their contract while obtaining cloud services. Localisation restrictions have also been placed on payment data. On April 6, 2018, the Reserve Bank of India, issued a circular mandating all payment system providers to store payment data locally only in India.
Global experts of IT, legal, and HR are discussing passionately how to interpret our constantly evolving reality of data processing. That’s why 86% of IT decision-makers say their organizations have been impacted by changing compliance requirements for data privacy, according to a global survey conducted by Dimensional Research.
Instead of storing all their data in their corporate headquarters, companies go for a multi-cloud approach, which means they have a globally distributed data infrastructure on-premise and in cloud. They must keep track of sovereignty issues in different jurisdictions, and to do this, they will need help. Cloud providers will have to work more closely with their customers to manage sovereignty and compliance with varying rules.
In the year ahead, the onus will be on both businesses and public cloud providers to improve compliance and data sovereignty issues by better understanding what is in the petabytes of data they’re storing and the regulations around every element of that data. Businesses can no longer be satisfied by simply backing up data. They will have to get smart about their data content and put policies in place around that content.
3. Global supply-chain issues will become a data-protection issue
Supply-chain issues are creating significant disruption to the global economy, with everything from cars and refrigerators to semiconductors and toys in short supply. And those issues look likely to continue well into 2022.
Logistics issues and digital risks such as cyber attacks will cause further disruptions to the global supply chain in the coming year. In 2021, the Colonial Pipeline ransomware attack took down the largest fuel pipeline in the U.S. and temporarily caused fuel shortages up and down the East Coast. The company paid the hackers nearly $5 million in ransom just a day after discovering malware on its systems.
The supply chain will remain a top priority for organizations in 2022. That means they will need to be actively armed with data protection solutions to keep the supply chain working and meet the demands of their customers. Specifically, organizations will need to ensure that cyberattacks do not further compromise their supply chains and that data remains available 24/7 and can be instantly recovered.
4. The Data Protection Officer will grow in strategic Importance
The Data Protection Officer (DPO) is an enterprise security leadership role that, under certain conditions, is required by the General Data Protection Regulation (GDPR). In fact, according to the latest GDPR stats, the demand for Data Protection Officers has risen by over 700% over the last five years. Data Protection Officers are responsible for having expert knowledge of data protection laws and practices while overseeing their company’s data protection strategy and ensuring compliance with GDPR requirements.
The role of the DPO is poised to grow in strategic importance in the coming year, particularly as the responsibilities of DPOs extend beyond traditional IT to encompass a holistic view of data privacy, security, and education. The DPO can even open new opportunities across the organization. For example, in a world of remote work, the DPO will be a strategic enabler for business, especially as it becomes clear that the virtual workforce is here to stay. In India, the role of DPO will gain prominence as the Personal Data Protection Bill 2019 is passed and becomes law.
The challenge of data protection is sure to become even more daunting in 2022 and beyond. As companies store more data across on-premises, cloud, hybrid, and third-party systems—and as data regulations grow and multiply—companies must stay on top of the ever-evolving data landscape or risk sinking altogether.
(The author is Regional Director, Arcserve India & SAARC and the views expressed in this article are his own)