New Data Security Challenges in the Rush to the Cloud
The challenges of working from home have caused organizations to reevaluate how they look at their networks and the data that lives on them. The range of at-home networks and BYO-devices now engaged in critical business operations has grown exponentially, amplifying our reliance on cloud-based infrastructure and solutions and scattering our data into what is frequently the unknown.
In their rush to the cloud, enterprises will need to take into consideration three new data security challenges as they reevaluate where their data is and whether they have taken enough responsibility for it:
1. Cloud whiplash
Accelerated by the dramatic shift to remote work, organizations have been steadily moving all of their data outside the enterprise and into the cloud. What this means in reality is that all the data that makes up our digital enterprise is on someone else’s computer. With the rise of SaaS, the applications that serve as the foundation of our businesses are maintained by someone else, and although that generally ensures the security of the application, visibility into the data stored within is generally significantly diminished. Whereas in days past a company had its own datacenters and computers, today the paths our corporate data takes are no longer owned by, and therefore no longer visible to, the company. And whether or not the infrastructure that is owned and operated by another company is monitored is frequently (and frighteningly) unknown.
We already rely heavily on fundamental business applications like Office 365, Salesforce and Slack (the most used applications) that are moving to the cloud. Even the more tailored applications that don’t yet have a SaaS equivalent are moving from the corporate datacenter to IaaS to be consumed as a service.
As a result, we see enterprises starting to grapple with the complex question of where their data is, who really has access to it, and how they might audit or track this. Their heads will suddenly turn to realize their ability to govern data is limited at best, and they have few processes in place to understand who is accessing what data and from where (internally and externally), and what the actual costs are. Visibility will become the new watchword.
2. Diminishing returns on cloud storage
As corporate entities, we generate an awful lot of data. Inevitably, the path of least resistance is to keep buying more and more storage to stuff all of our data into the cloud. The reality is that all the data we create ends up stationary, i.e., “sitting around” and frequently untouched or unused for long periods of time. For example, just consider the SharePoint files of former employees. We lose sight of where that data really is, what’s happening to it, and whether or not someone may be moving it out of the organization.
We expect many enterprises will start to recognize that the path of least resistance that cloud storage represents, when not used thoughtfully and strategically, turns all that data into a liability. Companies will start to understand that we have passed the point of diminishing returns with a haphazard approach to cloud storage, from both a security and a cost perspective.
In addition to acting on the understanding that not all data is worth paying to keep, especially considering its potential liability, enterprises will focus more than ever before on how they will apply cloud storage smartly, securely and affordably.
3. Think global, act local privacy
In the big picture, we have seen broad protection for consumer and individual privacy enacted through regulations like GDPR and CCPA that say people must be told what data is being collected about them. National measures in the United States have failed to pass so far, but we did see California forge ahead, and New York and Massachusetts are considering following suit. But what will happen if a more progressive city, like San Francisco, decides that consumers need stronger protection of their personal data than California deemed acceptable?
We expect to see some municipalities begin to impose more restrictive data privacy laws than those adopted at the federal or state level. Companies that store consumer data in the cloud typically use very few, but very large, datacenters to hold all that information. Such companies, like Fitbit, may find themselves forced to find local datacenters so that they can meet new municipal requirements to do business in a city like San Francisco. In turn, we may see the large cloud service providers capitalize on this dynamic by starting microfacilities across many locations and regions in order to help their customers comply.
Doing a double-take
The changes and challenges of 2020 hit the enterprise at breakneck speed and accelerated a rush to the cloud. While organizations have adapted quickly and admirably, many will start to take a second look at what they’ve done with their data, and what they need to do going forward. In the coming years, we expect organizations will implement new ways of ensuring responsibility for data, wherever it lives.