Threats, Jurisdictions and Regulations: How Space-Based Data Storage Eliminates All Three

Aviator John Magee, Jr. wrote a poem called High Flight to describe his delight at flying, which he referred to as slipping “the surly bonds of Earth.” Decades before the first satellite or spacecraft, Magee wrote of “the high untrespassed sanctity of space.” Little could he have known how prescient his words would be or how important their meaning today for organizations in search of a better solution for data storage and transmission.        

Why is there a need for a better solution? To answer that question, we need to take a journey across the current data landscape and understand some of the primary forces influencing today’s data storage strategy.

Bigger Budgets, Same Results

Cybersecurity Ventures predicts global cybersecurity spending will exceed $1 trillion from 2017 to 2021. Yet the data breaches keep coming. The switch from perimeter to endpoint network security has not happened quickly enough, and it alone is insufficient to meet today’s advanced threats.

A whole set of advanced threats spring from the IoT. The Federal Trade Commission’s recent suit against a router manufacturer speaks to the severity of the threats that can be caused by insecure internet-connected devices. Last year’s massive Mirai botnet attack, which took most of the U.S. offline for a day, is a case in point.

Experian predicted several trends that would make headlines in 2017 in its yearly Data Breach Industry Forecast. One of them will be international data breaches that will cause significant problems for multinational companies, particularly in light of preparation for the GDPR to take effect. The firm also predicts that healthcare organizations will be the most targeted sector this year, with sophisticated new attacks emerging.

Another of Experian’s predictions brings even greater cause for concern: government-sponsored cyberattacks will escalate from espionage to proactive cyber war. The OPM breach was a mere foretaste of things to come as nations ramp up their activities. Experts anticipate internet-based attacks to take down critical infrastructure this year, as well. It is also likely that, at least partly due to this activity, that government surveillance of data will increase.

Responding to Threats with Regulation

Threats against personal, organizational and government data have spawned increasing security measures and legislation, a prime example being the European Union (EU) General Data Protection Regulation (GDPR). The GDPR’s official site calls it “the most important change in data privacy regulation in 20 years.”

The GDPR has as its aim the unification of data security, retention and governance legislation across EU member states to protect its population’s data. The regulation covers both EU citizens and citizens of any other country residing in the EU. All companies processing the personal data of people residing in the EU, regardless of the company’s location, must comply.

For affected organizations, this creates a jurisdictional minefield.

A high-level overview of the regulation reveals that it requires greater oversight of where and how sensitive data—such as personal, banking, health and credit card information—is stored and transferred. Most organizations will need to appoint a Data Privacy Officer who reports to a regional authority, as well. EU residents have new rights, including data portability, the right to be forgotten (erasure) and to be notified within 72 hours of the discovery of a data breach. 

To make sure that organizations are paying attention and make compliance a priority, the EU has included impressive fines for non-compliance in the GDPR. Organizations can be fined up to four percent of annual global revenue or €20 million – whichever is greater. It’s important to understand that these rules apply to both controllers and processors – which means clouds will not be exempt.

The deadline for compliance is just a year away, so the assumption would be that organizations are robustly transforming their data classification, handling and storage methods to conform to the new ruling. But research findings from The Global Databerg Report (a survey of roughly 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the U.S. and Asia Pacific) says that 54 percent of organizations have not advanced their GDPR compliance readiness.

What accounts for this lack of preparation? The issue is that the GDPR is requiring organizations to address some of their thorniest data challenges, including fragmentation of data and loss of visibility. Cloud-based services and the IoT have only added to the confusion and, along with the default behaviors of data hoarding and poor management, create a “databerg” (see the report above) that becomes as dangerous and expensive as the iceberg that sank the Titanic.

Treacherous waters lie ahead, and organizations must decide how they will approach GDPR compliance. The majority of affected organizations will spend the next year scrambling to erect infrastructure and processes and deploy personnel to make sure they meet the stringent requirements. The other option is to remove the relevant data altogether from the GDPR’s jurisdiction. Which means taking it offworld.

Space: The Storage Frontier

It’s no pipe dream to talk about taking data off-planet. There are already satellites ringing the earth that regularly receive and transmit information; why not develop a system for secure, internet-free data storage and transmission? A space-based cloud storage network would provide government and private organizations with an independent cloud infrastructure platform, completely isolating and protecting sensitive data from the outside world.

Thanks to innovative thinking that’s not merely out of the box but out of the earth’s atmosphere, new technologies have been conceived to deliver this type of independent space-based network infrastructure for cloud service providers, enterprises and governments to experience secure storage and provisioning of sensitive data around the world. By placing data on satellites that are accessible from anywhere on Earth via ultra-secure dedicated terminals, many of today’s data transport challenges will be solved.

Space-based data transfer and storage frees organizations from the jurisdiction-based restrictions that the GDPR will impose. A satellite storage solution also removes today’s most pressing security concerns, since data will never pass through the internet or along its leaky and notoriously insecure lines. In-transit espionage, theft and surveillance become impossible.

High (Data) Flight

The bonds of Earth are becoming increasingly surly, thanks to both the land-based cybercriminals out to steal sensitive data and the regulations meant to protect that data. But because of the internet’s inherent insecurity, actions intended to keep data safe within the current transfer and storage paradigm are akin to polishing the brass on the Titanic as it sinks. Instead, space-based storage takes advantage of the untrespassed sanctity of space to create a safe data harbor. There’s no possibility of disruption, unsafe exposure or jurisdictional issues. With these clear advantages, it’s time to let data take flight.