Horizon Scanning: How Data Security May Evolve Over the Next Decade
Is there a way to predict how Data Security will evolve over the next decade with any accuracy?
I believe there is. Why do I say that? Mahatma Gandhi is quoted as having said the following: “The future depends on what we do in the present”. Abraham Lincoln is reported to have had similar views: “The most reliable way to predict the future is to create it”. We can be sure they were not talking about data security here, but the sentiment is sound. What we do now has an impact on how the future shapes out.
A brief retrospective look into the past two years can show us where things are going in the next ten. Data security is a hot topic, and rightly so, as many individuals become more and more aware of what data they share, who with and for what purpose. Since the implementation of the GDPR, businesses have had to, in some cases, radically tighten up on how they protect their customer’s data using ever-evolving technology. But along with this has also come the need for more robust education of their staff in terms of how they have an impact on data security. I feel this is only going to continue!
It is a given that technology will continue to advance (and I will discuss some of my predictions later) but we must not forget ‘the human factor’ and become complacent, relying on technology to, in effect, wholly do the work for us. Let’s have a look in more depth at what I mean…
The Human Factor
Firstly, the obvious: human error can cause problems. We are all imperfect and it is thus going to be impossible to eliminate human error in terms of data security over the next ten years, but there is strong evidence to suggest that data security will continue to have a large focus on improving the understanding and tightening the working practices of those who come into contact with data.
Take one area for example: phishing emails. More business professionals than ever before have been working from home and this has been targeted in recent months by fraudsters trying to target human error via an increased push in phishing emails: preying on the lack of person-to-person interaction and perhaps increased workload stress. Increased education on how to recognise a phishing attempt - for example - amongst staff will aid in reducing the potential for one of these to cause a breach. Personnel awareness training will have to increase if scams like this are to fail.
Secondly, it can be easy, especially in the world of ‘big data’, to forget that data is in essence a very individual and personal thing. Therefore, should there be a level of morality attached to data security? In a world that is becoming more and more aware of ethics and human rights, will this extend more so into data security? I feel there is a strong argument to suggest it will. We have already seen this with the GDPR, and more recently on a global scale with the CCPA legislation. It was framed as being more suitable for the digital age in which we live, and it is, but there is also a large ethical undercurrent. Individuals are now more able to withdraw consent and ask for a copy of their data on file, amongst other things.
If we also take into account that the average individual is now more comfortable around technology and more confident navigating digital communications, I think this is going to be something we see more of. It seems only logical then to conclude that companies are going to have to keep taking into consideration (perhaps even more so) how to make sure they are transparent with how they use data, keep their data ever secure and have systems in place to comply with regulations.
Let’s Get Technical
We couldn’t talk about the future of data security and not mention technology and the large role it plays in this area! There can be no doubt that the great advances in technology have led to many new and robust ways to keep data safe, but where is it going to go in the next ten years? While we can never say for sure what will and will not be invented, we can look at what we have already and where the industry seems to be moving with it…
Biometric security controls are already used by many people in their personal lives (think fingerprint unlocking, voice-activated smart assistants etc.) but is it set to become more widely used in businesses? A lot of companies already employ additional security, such as Two Factor Authentication requiring an additional device to confirm your login attempt and identity, so this may seem like the natural progression.
Biometric access controls are purported to be incredibly safe as they rely on unique human features to grant access, such as iris recognition or fingerprints and it removes the need to remember multiple increasingly complex passwords. It isn’t without fault though as I’m sure most of us have had someone else set off their Siri/Alexa/Google Assistant or have a partner whose fingerprint is recognised on your device. Also, the systems we use to facilitate this would have to ensure that the biometric data being used is stored in a way that ensures its data safety. So, technology will need to be fine-tuned, but it is already getting there; so, within the next decade it is highly likely that we will see this type of security being rolled out throughout companies across many sectors to aid them in keeping data secure.
And last, but most certainly not least, I couldn’t avoid talking about the current COVID-19 situation, and how this has shaped the future of data security. Earlier this year, many businesses faced the sudden need to switch to remote working despite not having the infrastructure to do so. Some businesses were better able to adapt due to their current set-up making use of technology such as cloud storage and VPN access, but still faced logistical problems. However, now most are functioning well under the current ‘new normal’ and it has been reported that some companies won’t be bringing their full workforce back into the office at all. This leads to the question: will remote working become more of the norm in the next decade?
Yes. As an individual’s home life becomes more and more unique, as some companies see the benefits of reduced overheads, and as technology adapts to facilitate remote working, I believe that home working will become more common, if not the main avenue of working. This means businesses will start taking advantage of new and emerging technologies to facilitate this and developers will be looking for new ways to make access both possible and safe. From a data security point of view, this means strong encryption, access controls and good working practices will be more important than ever.
What Does This All Mean?
Well, it means that good data security practices and technology are going to become more and more important. The days of putting data security second to productivity are long behind us, and it is only going to continue to become more and more enshrined in all aspects of how a business functions. Those businesses that put data security at their core through great personnel training and robust technological measures are going to shine out as different.
However, along with new technology also comes new ways for people to exploit that technology, so this is going to be an ever-evolving and continuous effort to stay one-step-ahead of criminals. This takes time and money: both valuable resources to any company.
So, my advice would be to take heed of both Mahatma Gandhi and Abraham Lincoln quoted at the start of this blog: plan now for how to keep data secure, make it intrinsic to how the business operates now and then hopefully the future changes will be welcome additions to an already secure system.
Jess is an integral part of our information security team. She meticulously plans and delivers our data security commitments to ensure that we offer the most secure service and technology possible on a global scale.