Data Security and Governance Predictions for 2017

What has become all too clear in recent years is that no organization is immune from the risk of a data breach, and that anyone accessing data can pose a threat – including trusted employees and partners. The harm associated with data loss continues to escalate as well in the form of litigation, fines, and reputation, putting a sharp focus on the fact that data security and governance initiatives are more important than ever. Here, IT executives speculate on the impact newer technologies such as IoT, blockchain, and cloud, as well as the need for data protection, including disaster recovery plans, encryption, and comprehensive oversight.

The rise of “applied governance” to unstructured data. Earlier this year, more than 20,000 pages of top-secret Indian Navy data, including schematics on their Scorpene-class submarines, were leaked. It’s been a huge setback for the Indian government. It’s also an unfortunate case study for what happens when you lack controls over unstructured information, such as blueprints that might be sitting in some legacy engineering software system. Now, replace the Indian Navy scenario with a situation involving the schematics for a nuclear power plant or consumer IoT device, and the value of secure content curation becomes even more immeasurable. If unstructured blueprints and files are being physically printed or copied, or digitally transferred, how will you even know that content now exists? Tracking this “dark data” particularly in industrial environments – will be a top security priority in 2017. – Ankur Laroia, solutions strategy and security leader, Alfresco

In 2017, the governance vs. data value tug of war will be front and center. Enterprises have a wealth of information about their customers and partners. Leaders are transforming their companies from industry sector leaders to data driven companies. Organizations are now facing an escalating tug of war between governance required for compliance, and the use of data to provide business value and implement security to avoid damaging data leaks and breeches. Financial services and heath care are the most obvious industries with customers counting in the millions with heavy governance requirements.Leading organizations will manage their data between regulated and non-regulated use cases. Regulated use cases data require governance; data quality and lineage so a regulatory body can report and track data through all transformations to originating source. This is mandatory and necessary but limiting for non-regulatory use cases like customer 360 or offer serving where higher cardinality, real-time and a mix of structured and unstructured yields more effective results.   – MapR executive chairman and founder John Schroeder

Governance will become more important than ever. Having more data available can lead to conflicting data points, and in some cases, polluting good data with bad data. To avoid this potential crisis, there will be more calls for governance.  –  Dan Sommer, senior director and market intelligence lead at Qlik

As proven by the Delta outage, the need for a disaster recovery plan has become top of mind within the enterprise. 2017 will introduce DRaaS, aka Disaster Recovery as a Service. – Intel GM of data center solutions Jeff Klaus

Consumers will gain control of their own data. The emergence of blockchain coupled with advances in consumer technology devices, cloud computing and security measures will alter the current data ownership paradigm from centralized to decentralized. Early efforts include projects in healthcare and social media. In a project known as Solid, Tim Berners-Lee and his MIT cohorts are working to return ownership of social media data to the users that create them. In healthcare there is a growing desire for patients to control their own medical records based on the view from medical practitioners that patient care and quality of life is directly influenced by the ability of patients to access and utilize their data. This view is core to the Precision Medicine Initiative which envisions that patients, rather than medical and insurance providers, should be able to access and share their lab results, x-rays, genetic and medical history data according to their own terms. – Jans Aasman, CEO of Franz Inc.

In 2017, organizations will take ransomware more seriously and implement ways to rapidly identify compromised content and automate its recovery. Ransomware has proved to be one of the most effective ways to infiltrate an organization, and cybercriminals are increasingly becoming better at embedding viruses into innocent-looking email attachments. Organizations need to figure out how to classify, separate, and wall off their data in order to reduce the risk of data being inappropriately accessed and permanently lost. Discussions need to take place at the board level about an organization's data recovery strategy and its intersection with its security and ransomware strategy in order to keep sensitive data out of the hands of the wrong people. Don Foster, senior director of solutions marketing and technical alliances, Commvault

More threats from sophisticated hackers and unpredictable employees. Hackers are becoming increasingly sophisticated and employees increasingly unpredictable and this combination puts all businesses, not just banks, in a precarious position. We’re living in a new world, one where the security tools of yesteryear no longer work - and where data is a currency and hacking is a hobby. It’s a sorry state of affairs – we’re playing whack a mole and constantly losing. In some ways we’ve made the job of cyber criminals easier by over complicating how we approach security. Spot solutions that only protect against a specific type of threat had their place, but they don’t work together like they should, leaving blind spots that can be exploited. We need to see into every corner and every crevice so there is nowhere for the criminals to hide. Despite improved security education and awareness within businesses, the reality is that three quarters of network intrusions involve weak or stolen passwords, highlighting the market requirements for a product that integrates multifactor authentication into a cloud-based security solution. As in years past, CIOs will remain under immense pressure to encourage productivity yet protect sensitive data at the same time. They need a single pane of glass that gives them total visibility and control of web, cloud applications and email. – Ed Macnair, CEO, CensorNet

The rise of insider threats will lead to wider adoption of encryption in private clouds. Thanks to the “Snowden effect,” privileged users will have the biggest threat thanks to the possibility of stolen credentials.  As enterprises realize this, the need to protect data rises within the firewall, even in customer premise or private cloud deployments. In addition,as encryption becomes ubiquitous, it is critical that it becomes easier to consume.  Look for innovative ways of this capability becoming part of enterprise workflows and easier integration into the development process through open APIs and sophisticated management interfaces. –  Baffle CEO Ameesh Divatia


Subscribe to Big Data Quarterly E-Edition