This typical dire tone of many expert predictions serves not to scare cyber defenders, but to jolt entire organizations into hypervigilance …
Without further ado, here are four data protection and management trends that I have discerned from my work as a CTO:
- Attack surfaces will continue to expand
An attack surface includes all the possible ways an attacker can get into your organization’s devices and networks and lock up or exfiltrate your data. It is essential to keep the attack surface to a minimum, but as it is remote-working continually changing that attack surface, cybercriminals will find a way to exploit any defense weaknesses.
Furthermore, control of endpoints is becoming increasingly complex as employees leave organizations and retrieval of equipment becomes harder.
The bottom line is that breaches will inevitably happen. In the coming year, companies will have to do a better job of recognizing breaches so they can extricate themselves as quickly as possible.
Security and recovery strategies must be more thorough and rehearsed. As the attack surface expands, those strategies must cover not only on-premises data but data in the cloud, at the edge, and everywhere in between. - Data sovereignty will create even greater complexity
As enterprises have grown globally and become more interconnected, the rules around data privacy have become far more complicated. For example, a company based in Germany may use a US-based company to store and send data. The question is, where does that German company’s data legally reside, and by what rules is it governed?
The answers to these questions are complex and unclear. Global experts of IT, legal, and HR are discussing passionately how to interpret the constantly evolving reality of data processing. In one survey, 86% of IT decision-maker respondents indicated their organisations had been impacted by changing compliance requirements for data privacy.
These days, enterprises no longer have a single data lake at their corporate headquarters that IT can focus on protecting. Much of their data resides in the cloud, which means they have a globally distributed data infrastructure. They must keep track of sovereignty issues in different jurisdictions, and to do this, they will need help. Cloud providers will have to work more closely with their customers to manage sovereignty and compliance with varying rules.
In the year ahead, the onus will be on both enterprises and public cloud providers to improve compliance and data sovereignty issues. Organizations can no longer be satisfied by simply backing up data. They will have to get smart about their data content and put policies in place around that content. - Global supply-chain issues will continue to be a data-protection issue
Supply-chain issues are creating significant disruption to the global economy, with everything from cars and refrigerators to semiconductors and toys in short supply. These issues look likely to continue well into 2022.
Logistics issues and digital risks such as cyberattacks will cause further disruptions to the global supply chain, which will remain a top cyber priority for organizations in 2022.
That means every organization must be actively armed with data protection solutions to restore the supply chain without disruption. - The Data Protection Officer will grow in strategic importance
According to General Data Protection Regulation statistics, the demand for DPOs has risen by over 700% over the last five years.
In the coming year the role of the DPO is poised to grow in strategic importance, particularly as their responsibilities will extend beyond traditional IT to encompass a holistic view of data privacy, security, and education.
The DPO can even open new opportunities across the organization. For example, in a world of remote-working, the DPO will be a strategic enabler, especially as it becomes clear that the virtual workforce is here to stay.
The challenge of data protection is sure to become even more daunting in 2022 and beyond. As enterprises store more data across on-premises, cloud, hybrid, and third-party systems amid stricter data regulations, enterprises must stay on top of the ever-evolving data landscape or risk sinking altogether.