Predictions 2020: Data Security Next Year and Beyond

As the oft-used metaphor goes, data is the new oil that powers business success. Today’s modern organizations are built on data collection so they can store and analyze it for insights. Unless consumers start to pay for free services, data is going to continue to be collected. There’s no way around it.

But data is also the new asbestos. If organizations don’t use data responsibly, there will continue to be data breaches that impact consumers, and there are longer-term impacts on overall enterprise value and business reputation. The solution to the problem is well-understood: They need to better respect data privacy and operation as secure data custodians. If not, they’ll be exposed to penalties from existing and upcoming privacy regulations.

As we enter the next decade, here are 10 predictions we expect to emerge around data security:

A New Category Is Being Created: Data as a Service. Consumers are generating more and more data each day. Companies are likewise hoarding that data. Selling or sharing consumer data responsibly will require new methods of computation/privacy-preserving analytics and a new architectural model. Enabling “data as a service,” which includes data modeling as a service and machine learning/artificial intelligence as a service, will generate new revenue opportunities for companies that store and analyze massive amounts of data with third parties.

We’re Still Only in the Third Inning of the Move to Cloud Computing. The prevalence of “lift-and-shift” projects to public cloud platforms is jaw-droppingly fast. But it’s still in the early innings. Nearly every company has some sort of a public cloud deployment. But hybrid cloud deployments will continue to be the norm for the next several years. In the next six innings, companies will need to go beyond focusing on cloud security configuration and controls and come to grips with protecting the actual data as part of the “shared responsibility model.”

Jail Time for Data Breaches? Companies are already preparing for GDPR, CCPA and other proposed or upcoming privacy regulations. I expect a national data privacy law in the U.S. in the next couple of years. Interestingly, the Cayman Islands Data Protection Law (which went into effect Sept. 30) and a bill written by U.S. Senator Ron Wyden (D-OR) both carry the possibility of jail time for executives who were found to be negligent with consumer data. This will begin a debate: Should the punishment for data breaches go beyond financial measures?

Third-Party Data-Sharing Models Evolve. Almost two-thirds of companies have experienced a data breach due to one of their vendors or third-party suppliers highlighting the fact that external parties remain a significant source of data loss risk. This begs the need for a different model of data sharing that limits exposure. I expect that there will be increased adoption of data-sharing practices that centralizes data instead of distributing outright to multiple external parties, which is the common practice today. This will result in the consolidation of digital processing and utilize a privacy-preserving analytics capability to support use cases for business intelligence and collaboration across multiple parties.

Data Responsibility Becomes a Competitive Advantage. The 2010s were marred with massive, high-profile data breaches and abuses of consumer trust (Facebook/Cambridge Analytica, Yahoo, Marriott, Equifax, Target). The 2020s will see a bifurcation between companies that protect user data and share it responsibly, and those that do not. Those that play “fast and loose” will see an immediate hit to their brand impact, mounting legal and regulatory costs, and the long-term health of their business come into question. In contrast, those that design their systems to share data responsibly will thrive and soar in value.

Companies Protect Data at the Source. To protect themselves from both external and internal threats, businesses need to understand that they are already compromised. They must protect data as it is created and “fail safe,” instead of reacting to breaches. To speed responsible sharing, they will adopt data exfiltration control.

Data Revocation Becomes Standard. Similar to how Europe has a “right to be forgotten,” companies will begin offering the ability to destroy or shred their own personal data. Facebook, for example, already offers a “kill switch” data revocation method. I expect this will become ubiquitous among companies that collect and store consumer data.

Tradeoffs Between Performance and Security Will Diminish Over Time. The 2010s saw a struggle between security departments and those that wanted to ship code quickly and often. Microservices and DevOps are all the rage right now for rapid app development. Businesses are starting to wake up to the fact that you can have security and speed at the same time. Security that is incorporated by design is actually enabling business and the move to “shift left.” New technologies, such as advanced data protection with a “no-code” model, allow businesses to quickly ship code while maintaining the highest levels of compliance and security.

Companies Will Revolt against Vendor Lock-In. Industry consortiums are beginning to form around the question of, “How do you securely share data beyond traditional at-rest encryption?” While the aims are noble, companies do not want to be locked in to a hardware vendor’s architectures. Effective security requires being data-agnostic and having open collaboration among all vendors to solve real-world customer problems.

The Data Protection Service Will Become a Security Architecture Standard. With the continued reliance on microservices, serverless compute and a more fluid and ephemeral services architecture, more companies will implement a data protection service to provide a common security architectural model to protect their data, control access and minimize data exposure. This new architectural model will pave the way for contextual access to data going forward.

Want to learn more about what to expect in 2020? Join us Jan. 23 for our Predict 2020 Virtual Summit featuring discussions from some of the industry’s best and brightest offering up their visions for the future. Sign up today for this free daylong virtual event.

Ameesh Divatia

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Sponsorships Available Unlike ... Read More
Security Boulevard
Avatar photo

Ameesh Divatia

Ameesh Divatia is co-founder and CEO of Baffle, an advanced data protection company that simplifies encryption while enabling secure computation on encrypted data in memory, in use, and at rest. He has a proven track record of turning innovative ideas into successful businesses.

ameesh-divatia has 1 posts and counting.See all posts by ameesh-divatia

2 thoughts on “Predictions 2020: Data Security Next Year and Beyond

Comments are closed.