Addressing Data Insecurity and Jurisdictional Concerns Once and For All
February 16, 2017
Featured article By Cliff Beek, President of Cloud Constellation Corporation
There are many circumstances that benefit from a completely novel approach. While the IT industry has evolved rapidly in the last three decades, so have hackers’ tactics. Security vendors have focused on walling in networks or plugging holes in their porous perimeters, but results have been mixed at best.
This conundrum is a prime candidate for out-of-the-box thinking. First, though, it’s important to examine the current data landscape to understand some of the primary forces influencing today’s data storage strategy.
Security Challenges at Every Turn
Cybersecurity Ventures projects $1 trillion will be spent globally on cybersecurity from 2017 to 2021. Yet the data breaches keep coming. The switch from perimeter to endpoint network security has not happened quickly enough, and it alone is insufficient to meet today’s advanced threats.
A significant challenge to cybersecurity comes from the IoT. The Federal Trade Commission’s recent suit against a router manufacturer speaks to the severity of the threats that can be caused by insecure internet-connected devices. Last year’s massive Mirai botnet attack, which took most of the U.S. offline for a day, is a case in point.
Experian predicted several cybersecurity trends that would dominate 2017 in its most recent Data Breach Industry Forecast. One of them will be international data breaches that will cause significant problems for multinational companies, particularly in light of preparation for the GDPR to take effect. The firm also predicts that healthcare organizations will be the most targeted sector this year, with sophisticated new attacks emerging.
Another of Experian’s predictions sounds like the plot of the latest Bourne thriller, except that it’s happening in real life. The firm believes that government-sponsored cyber attacks will escalate from espionage to proactive cyber war. The OPM breach was a mere foretaste of things to come as nations ramp up their activities. Experts also anticipate that internet-based attacks will take down critical infrastructure this year. It is also likely, at least partly due to this activity, that government surveillance of data will increase.
Confronting the Regulatory Burden
As personal and organizational data face constant attack, regulatory bodies are stepping in to improve security. One such measure is the European Union (EU) General Data Protection Regulation (GDPR). The GDPR’s official site calls it “the most important change in data privacy regulation in 20 years.” One journalist likened it to the all-seeing Eye of Sauron from the Lord of the Rings trilogy.
The EU is doing its best to create a standard that will keep data safe. The goal of the GDPR is to unify data security, retention and governance legislation across EU member states to protect its population’s data. The regulation covers both EU citizens and citizens of any other country residing in the EU. All companies processing the personal data of people residing in the EU, regardless of the company’s location, must comply, which makes it a jurisdictional nightmare.
This regulation requires greater oversight of where and how sensitive data—such as personal, banking, health and credit card information—is stored and transferred. Most organizations will also need to appoint a Data Privacy Officer who reports to a regional authority. EU residents have new rights, including data portability, the right to be forgotten (erasure) and the right to be notified within 72 hours of the discovery of a data breach.
To prove that the GDPR is more than a suggestion, the EU has created a hefty fine system. Organizations can be fined up to four percent of annual global revenue or €20 million—whichever is greater—for non-compliance. It’s important to understand that these rules apply to both controllers and processors – which means clouds will not be exempt.
It would seem like a no-brainer for affected organizations to be hustling to transform their data classification, handling and storage methods to conform to the new ruling before the May 25, 2018 enforcement date. But research findings from The Global Databerg Report (a survey of roughly 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the U.S. and Asia Pacific) say that 54 percent of organizations have not advanced their GDPR compliance readiness.
Why is this happening? Don’t organizations care about compliance? Of course they do; the problem is that the GDPR is requiring organizations to address some of their thorniest data challenges, including fragmentation of data and loss of visibility. Cloud-based services and the IoT have only added to the confusion and, along with the default behaviors of data hoarding and poor management, create a “databerg” (see the report above) that becomes as dangerous and expensive as a real iceberg is to vessels sailing the North Atlantic.
Conventional thinking sees this as an either/or situation: either undergo a massive overhaul to comply with the GDPR or face ruinous financial repercussions. The majority of affected organizations will spend the next year scrambling to erect infrastructure and processes and deploy personnel to make sure they meet the stringent requirements. However, unconventional thinking sees this as an opportunity to remove the relevant data altogether from the GDPR’s jurisdiction. But how?
Storage Above the Atmosphere
Think about it: what is the common denominator in all of the security and regulatory challenges facing organizations today? The internet. So then, what if critical and personal data could be transported and stored without using the internet at all? There are already satellites ringing the Earth that regularly receive and transmit information; why not develop a system for secure, internet-free data storage and transmission? A space-based cloud storage network would provide government and private organizations with an independent cloud infrastructure platform, completely isolating and protecting sensitive data from the outside world.
Forward-thinking minds have devised new technologies to deliver this type of independent space-based network infrastructure for cloud service providers, enterprises and governments to experience secure storage and provisioning of sensitive data around the world. By placing data on satellites that are accessible from anywhere on Earth via ultra-secure dedicated terminals, many of today’s data transport challenges will be solved.
This applies to the GDPR and other data regulations. Space-based data storage frees organizations from the jurisdiction-based restrictions that the regulation will impose. A satellite storage solution also removes today’s most pressing security concerns, since data will never pass through the internet or along its leaky and notoriously insecure lines. In-transit espionage, theft and surveillance become impossible.
A Brave and Borderless Data World
The internet has created a brave new world for consumers and organizations alike, but it has also created tremendous security concerns that have led to the creation of stringent regulations. Regardless of what new cyber security measures the industry comes up with and what new laws regulatory bodies enact, the accessibility of the internet cannot be changed. That is just the nature of the beast. By circumventing it with a space-based approach, sensitive data can be transported, stored and managed with heightened security and without jurisdictional worries. It’s a novel approach that provides peace of mind to individuals, government agencies and companies alike.
About the author:
Cliff Beek is a leading executive within the Global ICT sector. He has extensive experience with the management and financing of equity-backed ventures within areas of satellite, mobile broadband, mobile app development and cloud infrastructure entities. Beek founded Star Asia Technologies and Laser Light Communications and served as the EVP at CoCo Communications. He holds an MBA from the Wharton School, University of Pennsylvania.