Fast-forward 10 years to 2027 and the unconnected, analogue world we once knew, is a distant memory of a totally connected generation. People and machines are now connected in ways only ever thought possible in Sci-Fi movies; interacting to purchase products, manage their lifestyle, conduct their daily work and travel on autonomous vehicles. The world has gone digital and businesses are crunching through petabytes of data in order to provide digital services. The protection of data – more importantly personal data – is big business.
The introduction of the General Data Protection Regulation (GDPR) in 2018 changed the game of data security – claiming some big scalps along the way – as the UK’s Information Commissioner’s Office (ICO) made an example of organisations falling victim to high profile data breaches. The control of data is now back in the hands of the user, who is quick to report any business to the ICO that is suspected to be neglecting its responsibility for providing military grade security for the personal data it uses.
Cut back to present day and whilst this ‘cyber world’ scenario might seem like a bad Sci-Fi movie plot, it is a very possible reality with the Internet of Things, the use of Artificial Intelligence (AI) assistants and driverless vehicles gaining momentum as each day passes.
Steve Inglessis, Director at DataRaze, questions what the data security landscape will look like in this super connected world. What is different about data security in 2027 compared to that of 2017? In this article, Inglessis shares his views on the evolution of the data security industry and how the business world will be shaped by increasing data regulations and tightening of legislation around the use, management, storage and destruction of data.
While we are still at a point where businesses are in a frenzy preparing for GDPR, the consumer is just as excited for the next smart home device or commercially available AI solution.
We are quickly moving towards a world where AI, driverless cars and IoT are part of everyday behaviour. Therefore, to ensure consumers and businesses alike are protected, questions need to be asked about the security of devices and emerging technology.
Take Amazon Echo for example; a hands-free speaker that you control with your voice. You can use it to play music, make phone calls, create shopping lists, check the news and weather, and of course, make purchases from Amazon – its list of capabilities will only continue to grow!
While this is all incredibly cool, it is unnerving to consider that the device is always listening, recording and storing information. And here’s the real kicker: for these devices to work well and process comprehensive requests, they need to be connected to the Internet.
The likes of Amazon and Google have strict security measures in place to prevent devices from being exploited and hacked but there is always the underlying possibility that it may occur. In 10 years’ time, who is to say that a hacker will not be able to hack home networks and gain access to smart home devices – assuming direct control or listening in to conversations?
When we go to bed at night, we lock our doors, but when it comes to our home network – security, is lacking. At the most, domestic users have a standard router with a standard password; one which is likely to have remained unchanged since they purchased it! And what will happen to the data stored on smart household devices that are connected to the Internet – how can that data be protected and securely destroyed?
First and foremost, all technology manufacturers and service providers in the future must provide the consumer with comprehensive data protection and management. Unlike the average consumer or business operating outside of the technology sector – technology manufacturers will be far more informed on data protection regulations, including proper data management, destruction and disposal.
There is an opportunity for technology manufacturers to begin dedicating resource to building effective, regulatory-compliant security controls around these smart home devices.
Furthermore, we will see more collaboration between manufacturers, businesses and security experts to ensure every firm has a resilient and adaptable security infrastructure that can not only prevent threats, but also adapt to them. Will we reach a point where vulnerabilities will be reported and shared across the industry so that every business can prepare for and rectify any weakness or threat?
Education, Education, Education
When it comes to data protection regulations and GDPR, the percentage of people that are fully aware of the intricacies and implications of poor data security is incredibly small. However, this cannot be used as an excuse. With the massive growth of connected devices, it is essential that there is additional education surrounding data protection, security, management and disposal that empowers consumers and provides them with the clarity they need.
This responsibility falls to the original equipment manufacturers (OEMs) and vendors, because after all, it will be their responsibility should a complication arise. In the future, education on data security – at the point of purchase – will become part of the customer journey.
Customers – either consumers or businesses – will receive transparent, up-to-date education on data protection and the risks/dangers that connected devices could pose.
Stockpiling old data assets
As the popularity of connected devices grow, consumers will undoubtedly begin to stockpile various devices, many of which will have stored personal data over their lifetime to improve service delivery. But, when those devices reach their end of use or life, how will they be destroyed and disposed?
This is a real opportunity for a commercial model that provides the safe destruction of data assets. In the corporate space, businesses know exactly what to do with end-of-life assets, but does that apply to consumers?
Just as we have recycling bins everywhere, regulatory-compliant asset destruction and data cleansing devices will become the norm, driven by changes in data security regulation and the need for robust and comprehensive data destruction.
Consumers would be able to head to their local tech store, bring their end of life devices, such as laptops, phones, hard-drives and the like – and process them through these asset destruction devices, ensuring complete destruction of their data and a record of it.
Rather than throw your old mobile phone, laptop, AI personal assistance into the skip or use online software that cannot erase data completely, businesses will begin to provide sanitisation services for end-of-life assets for customers. For example, the moment an asset reaches its end-of-life, the customer could call the manufacturer/provider and the old asset would be taken and sanitised on the premises and replaced with a new device. This way, businesses can provide more value to customers and get more buy-in to data protection practices.
Failing to prepare is preparing to fail
Perhaps most important of all is how we prepare for these inevitable changes now – because if they aren’t addressed by 2027, then it will be far too late. As time goes on, additional layers of security must be added to digital products to protect both the consumer and the business. It’s about maintaining transparency where security and education are concerned in the digital age, as this will ensure that consumers are protected and businesses remain successful.