Six Data Security and GDPR Predictions for 2018

With cyberattacks on the rise and the EU’s new General Data Protection Regulation (GDPR) going into effect in 2018, there is a greater focus on data security and governance. Here six top IT leaders reflect on the changes taking place and offer their predictions for data security and compliance in 2018.

  1. GDPR Crosses Borders; Role of Data Protection Officer Emerges: The General Data Protection Regulation (GDPR) will be the most notable form of compliance in 2018. While it will become EU law in May, it will affect every company that handles data for EU residents, even if the data processing occurs outside EU borders. Organizations will need to take a very close look at how they manage data impacted by new privacy requirements and will need to revisit best practices for backup and archiving, in particular email archiving, to understand how to re-architect processes. One notable development will be the creation of a formal Data Protection Officer role. Look for an emerging crop of features and solutions with an optimized set of functions that help organizations meet local and global GDPR requirements, yet are easy-to-use and can help those responsible for managing backup and email data quickly identify personal information and remove it from their systems.  -- Christophe Bertrand, VP of Product Marketing at Arcserve
  2. We will see more vulnerabilities targeted in 2018—particularly in corporate and government settings: While advancements in technologies like AI and machine learning offer solutions to prevent security breaches, they are also tools hackers will increasingly leverage to devise more powerful and targeted attacks. With the U.S. unlikely to mandate security regulations, the onus will be on businesses to enhance security efforts; we should see greater investment in dedicated security professionals – both in-house talent and outside vendors. -- Greg Arnette, Director of Data Protection Platform Strategy at Barracuda
  3. Security will be built into the DevOps pipeline with the rise of DevSecOps:  DevOps continues to grow in usage and importance for enterprises of all sizes.  Security teams need to understand that DevOps is quickly changing how IT operates and need to partner with IT and application development teams much earlier in the planning and execution lifecycle, building security into the DevOps pipeline instead of bolting on after the fact, which will create successful DevSecOps programs for organizations.  Security teams that try to enable DevSecOps by procuring point solutions that don’t integrate with existing security technologies, processes, and reporting will actually create even more security silos and introduce blockers that slow down the speed, agility, and automation that DevOps delivers. -- Chris Carlson, Vice President of Product Management at Qualys
  4. Making the cloud more secure will continue to be a top priority: Making the cloud more secure will continue to be a top priority. Collaboration between nimble private companies and the behemoth blue chip tech players on how to make the cloud more secure, including an increased focus on hybrid clouds, multi-cloud management and a modern container-based approach will become the rule instead of the exception.  -- Ankur Laoria, Strategic Solutions Leader at Alfresco
  5. There will be an emergence of decentralized immutable mechanisms for managing data: Mechanisms to manage data in a trustworthy, immutable and truly distributed way (meaning no centralauthority) will emerge and have a profound impact on the data center. Blockchain is a prime example of this. Decentralized mechanisms like blockchain challenge the traditional sense of data protection and management. Because there is no central point of control, such as a centralized server, it is impossible to change or delete information contained on a blockchain and all transactions are irreversible. Think of it as a biological system. You have a host of small organisms and they each know what they’re supposed to do without having to communicate with anything else or be told what to do. Then you throw in a bunch of nutrients: in this case, data. The nutrients know what to do and it all starts operating in a cooperative manner, without any central control. Like a coral reef. Current data centers and applications operate like commercially managed farms, with a central point of control (the farmer) managing the surrounding environment. The decentralized immutable mechanisms for managing data will offer microservices that the data can use to perform necessary functions. The microservices and data will work cooperatively, without overall centrally managed control. -- Mark Bregman, NetApp CTO
  6. Crowdsourcing will be used more aggressively by IaaS providers as a means of improving their security:  The crowdsourcing model works in regard to security because history has shown that the more eyeballs you have on a problem, the faster vulnerabilities will be found. WEP is exhibit A of this model, which was the initial encryption standard that was released as part of the first wireless networking standard. It was found to be riddled with vulnerabilities out the door because it was developed in a closed environment with no input from a broader base of people with an interest in identifying and shoring up any weaknesses. The lesson was learned from this example and these standards are now open for broader analysis. Bounty programs at Microsoft, Oracle, and others also prove this out. Why? Because they ask for help from many people, numbering in the hundreds and more, who are motivated to find bugs or vulnerabilities in their products and make them better and more secure. Therefore, as counterintuitive as it may seem, the more open you are, the more protected you can be. As more and more companies adopt these bug, or vulnerability bounty programs, this crowdsourcing security model will prove to be one of the most efficient, economical and effective strategies for shoring up the security of the network as well as it has for software and browsers. -- Hansang Bae, CTO, Riverbed Technology



Subscribe to Big Data Quarterly E-Edition