Shared Responsibility in Data Security

We need to reassess how we define data security and where we place responsibility in protecting our data online.

Over the past decade, consumers have enjoyed increasingly convenient, often free services in exchange for sharing their personal data. While we value security, there aren’t many ways that the average citizen can, or is willing to, proactively ensure privacy online. A digital footprint is often necessary to function both professionally and in society, at large.

DevOps Connect:DevSecOps @ RSAC 2022

As end users, we are at constant war with our impatient, always-connected brain, which urges us to scroll through terms and conditions as quickly as physically possible to access the alluring world of content and services waiting on the other side. No amount of training on anti-phishing and cybersecurity measures will rewire our preference for convenience. That’s why, even despite the growing ubiquity of large-scale cyberattacks, the pace of data sharing hasn’t slowed.  In fact, we’re sharing more data than ever before.

It’s time for an intervention.

We need to reassess how we define data security and where we place responsibility in protecting our data online. This starts with recognizing that we’ve passed a tipping point. So much of our data already sits within online services’ databases that it is nearly impossible for individuals to wrangle back control of their digital profile. It would be a massive undertaking on the part of both consumers and service providers to completely and permanently shift control of data back into the hands of end users.

Instead of attempting to turn back the clock, we should direct our efforts toward ensuring that the data we share is fully anonymized and protected. Tackling the challenge of data security starts with recognizing where both the greatest responsibility and the greatest potential for innovative solutions lie—in the companies that process and profit from personal data on a daily basis. Businesses who collect data should have a high degree of responsibility for that data, including culpability when things go wrong.

The fact is, companies already have developed the digital infrastructure to house and best leverage data, along with the incentive to find ways to more meaningfully interact with that data. Unlike individual users, these companies actively and regularly process personal data at scale.

Investing in security is a matter of due diligence that mitigates the need for costly damage control in the wake of a data breach. Certainly, the cost of keeping data sprawl secure will be significant. But that cost comes with the territory of unfettered access to the modern economy’s most valuable resource. Businesses should actively explore methods of deterring attacks, preventing manual errors wherever possible and mitigating them when they inevitably occur.

Most enterprises are inadequately equipped to prevent advanced attacks, and there’s no telling what lies in wait. Against this backdrop, enterprises need to adopt a holistic approach to improving their security posture—one that incorporates people, processes and technologies. There are many paths companies could take, from applying user and entity behavior analytics to engaging in a private market for developing effective regulation. But developing entirely new security frameworks takes time and the threats to consumer data are immediate.

Partnering with managed security service providers (MSSPs) can speed up this process while reducing costs and uncertainties. Partnerships like these enable enterprises to quickly offload day-to-day security tasks to external teams with domain-specific tools and expertise. This frees up internal teams to explore innovative, fully integrated security programs. By reducing capital expenditures—by 80% in some cases—and boosting IT team productivity, an MSSP-backed approach gives organizations the breathing room to position themselves as innovators and build consumer trust with well-tested, comprehensive cybersecurity solutions.

Forging the right technology partnerships will enable organizations to meaningfully implement the latest digital technologies while securing both the data and the trust of their customers.

The security conversation within organizations clearly needs to change. It’s unfortunate that fear and reticence have long been the starting point for accessing security investments. It’ reflective of a legacy mindset at work within organizations. Today’s threats and tomorrow’s challenges can’t be dealt with by brandishing fear. Businesses and digital service providers need to step up and take the lead if they want a future free from consumer distrust, costly data breaches, and unnecessarily burdensome regulation.

CR Srinivasan

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Unlike commercial, or ... Read More
Security Boulevard

CR Srinivasan

CR Srinivasan is Chief Digital Officer at Tata Communications.

srini-cr has 1 posts and counting.See all posts by srini-cr