The past year brought many data breaches and incidents of PII mishandling. With confidential information being compromised routinely, data privacy regulations are also on the rise. Here, top IT executives reflect on the current data security landscape and what we can expect in 2019.
- Data privacy regulations to be proposed and enacted: Whether affected by GDPR or not (most are), companies should be looking to it as a framework, it’s a good starting point for those building out their processes. It's important to have something set-up for how data is kept and used. If we want to continue to have personal information protected, we will need to have more regulation. In 2019, I believe we’ll see more regulation proposed and/or put in place, like the Consumer Data Privacy Act recently introduced by Oregon Sen. Ron Wyden. - Adrian Moir, senior consultant, Product Management at Quest Software
- State of security: SMBs and MSSP: In 2019, the ever-changing security landscape will pose the greatest threat to small and mid-sized businesses, while simultaneously creating greater opportunity for both managed service providers (MSPs) and managed security service providers (MSSPs). While we don’t see breaches slowing down, we are predicting that small and mid-sized businesses will be the easiest targets in 2019. With weaker security, a lack of user education, and fewer trained professionals, these factors dramatically simplify the opportunity for breaches. Hackers will easily be able to access their data and target SMBs for more money. MSPs are seeing the opportunity to expand their businesses to include security services; however, we can expect that many will lack existing security resources and as a result look for partnered assistance from managed security service providers. The benefits of the MSSP model include the ability to quickly scale capacity and security expertise while MSPs build their own internal capabilities. As a natural effect of the previous prediction, managed security service providers will see an uptick in the next year. - Destiny Bertucci, head geek at SolarWinds
- Global Privacy, Regulation, and Governance will continue to keep security professionals up at night: GDPR was a great first step, but global regulation and governance still remains a complex web. The United States will continue to fall further and further behind in competency and international relations as our federal compliance efforts simply aren’t moving fast enough to meet worldwide requirements. Countries where privacy is prioritized and seamlessly integrated will see the most optimal growth. - Tomas Honzak, chief information security officer at GoodData
- GDPR compliance focus moves to operational focus: The initial work phase of complying with GDPR was for organizations to look at how they controlled data placement and privacy. Now, organizations will look to monetize that GDPR data in some way. The opportunity in 2019 is to aggregate the models, semantics, and reporting of GDPR data and efforts and develop as a revenue source. - Jack Norris, senior vice president, data and applications of MapR
- We’re living in a GDPR world: As of August 2018, about one-third of companies were still not compliant with GDPR. In the coming year, GDPR compliance will become a bigger priority for organizations, as they start to identify which companies are prepared to handle and protect their data. Additionally, GDPR will spur a global privacy trend that will hold companies accountable for how they use personal data. - Barbara Cosgrove, VP, chief privacy officer at Workday
- Privacy: It’s a fundamental right: Following the passing of the California Consumer Privacy Act, 2019 will see increasing momentum behind the privacy movement, which started in the European Union with the GDPR. The privacy movement will have wide-ranging impacts, including on the tech industry. Similar to Workday, more companies will begin to show their support for comprehensive privacy legislation in the U.S. and globally. - Jason Albert, deputy general counsel, Workday
- Balancing privacy with access: GDPR was the first of many privacy and security ramifications of broader data access, storage, sharing, and regulatory compliance requirements. On a broader level, organizations and governments will need to balance access to social and personal data with ethics and what should actually be shared. - Frank Vella, chief operating officer, Information Builders
- Discovering why personal data is stolen: In 2019, we’ll find out why all the personal data that has been stolen has been stolen. There have been many incidents of data theft (e.g. Equifax) and yet this data hasn’t shown up anywhere for sale nor has it been used as part of any widespread attack. It has almost given the illusion that the theft of this data has had limited consequences for the peoples whose data was stolen. This year, we’ll find out more about the motives of the thieves and what their purpose has been in amassing so much data from healthcare and credit agencies in particular. - Peter Bauer, CEO, Mimecast
- Defining a basic security policy: In 2019, we’ll finally see some headway made toward defining what a 'basic security' program looks like across businesses of all sizes. If this truly happens and people adopt it, the rising controls tide will raise all ships on the protection front. - Marc French, chief trust officer and data protection officer, Mimecast