Today with the Internet of Things (IoT), accessing clients globally is not difficult, even for a small business. The flow of data is effortless and almost instant, and for the most part that’s all businesses have been concerned about – that transactions are made. Until, that is, people start to question what happens to that data. Who keeps it, how is it stored, and more importantly, is it secure?
It’s interesting that those questions usually only get asked after something’s gone wrong with data security, or when there’s a new law to comply with.
The Policy Approach
Back in 2016, the EU implemented the General Data Protection Regulation (GDPR), a data privacy law aimed at improving data security. Organizations operating within the EU, as well as those outside but transacting with the EU, had two years to implement what is considered globally as the gold standard in data protection. Six years on and global data exchange should be secure, right? Laws are in place. Protocols have been written and there’s been time to iron out all the kinks.
The truth is that it’s much more complex than just one economic region enacting a standard. The volumes of data we’re talking about are mind boggling. It’s estimated that 2.5 quintillion bytes of data are created each day (have you even heard of the term quintillion before?)
Every click is being recorded, stored and analyzed. Multiply this by billions of users worldwide. Add in that the volumes of data are currently growing at approximately 22% per year. And yet somehow, there’s the expectation that companies are supposed to have figured out how to keep data exchange safe?
It may seem that the most logical approach would be greater standardization of data exchange globally, but it’s a moot point. While several regions, such as the Baltic states and South East Asia, have come close to streamlining data exchange between themselves, achieving this on a global scale is practically impossible. There are too many differing priorities and policies between governments and whose to say which should take precedence?
Security is Slippery
Governments, companies and organizations may try to do their best, but gains are short-lived. Balancing the need for effortless transacting with controlling who has access to data, is a scenario most working in cybersecurity are familiar with. In data exchange, the scale at which this needs to take place, elevates the challenge to a whole new level.
Methods such as encryption, tokenization, or compression have been proposed, but how feasible will it be to implement these ideas at scale? Especially as the volume of data keeps growing. In some data governance frameworks, data management, including deciding which data to keep and which to delete has been proposed. This could start to reduce the data volume issue, but what are the parameters to decide what data gets deleted? Isn’t that typically the case is security? As one issue is dealt with, another presents itself.
Despite all of these challenges, there remains a responsibility to do better at securing data exchange. Consumers expect it, governments legislate it, and companies need it. Now all we need is the human will to make it happen.
