Data protection trends for businesses in 2022
In today’s hyper-connected world, every digital activity generates data. As IDC describes, the amount of digital data created over the next five years will be more than twice the amount of data created since the advent of digital storage. In such an environment, it is more important than ever for businesses to protect their data from damage, destruction or attack. It won’t be an exaggeration to say that the viability of every business now depends on constant access to its critical systems and data.
At the same time, managing and protecting corporate data is no easy task. Businesses need to constantly monitor the changing data landscape and be on the lookout for new tools and challenges. They should be aware of the ever-changing privacy regulations and security threats, which can emerge from anywhere in the world.
In the data protection space, what does 2022 announce? Here are four emerging trends that will shape how businesses approach data protection and management over the coming year.
1. Protecting an increasingly large attack surface will become increasingly important
The attack surface includes every possible way for an attacker to enter your organization’s devices and networks and lock down or exfiltrate your data. It is therefore essential to minimize the attack surface. The problem is, the attack surface keeps growing as more people work remotely across multiple devices and create more entry points for cybercriminals to carry out cyber attacks. Worse yet, the attack surface is constantly changing. It is not a single surface but many disparate fragments. In addition, endpoint control becomes more and more complex as employees leave organizations and asset recovery becomes more difficult.
The main thing is that violations will inevitably occur. And over the coming year, businesses will need to do a better job of recognizing violations so they can get out of them as quickly as possible. Security and recovery strategies need to be deeper. As the attack surface expands, these strategies need to cover not only data on-premises, but also data in the cloud, at the edge, and everywhere in between.
2. Data sovereignty will add more complexity to data management
As businesses have grown globally and become more interconnected, the rules around data privacy have become much more complicated. For example, an India-based business can use a US-based business like Amazon or Google to store and send data. The question is, where is the data of this Indian company legally residing and by what rules are they governed?
The answers to these questions are complex and unclear. Each country has its own rules and regulations when it comes to data transfer and storage. India, for example, has set rules in some sectors, while in others it is still a work in progress. In the insurance industry, the Indian Insurance Regulatory and Development Authority has defined that all original records of insurance policy holders should be kept in India. In the area of government procurement, the 2017 guidelines for ministries on contract terms for cloud services required all ministries to include localization provisions in their contract while obtaining cloud services. Location restrictions have also been placed on payment data. On April 6, 2018, the Reserve Bank of India issued a circular requiring all payment system providers to store payment data locally only in India.
Global IT, legal and human resources experts passionately discuss how to interpret our ever-changing reality of data processing. That’s why 86% of IT decision-makers say their organizations have been affected by evolving data privacy compliance requirements, according to a global survey by Dimensional Research.
Instead of storing all of their data in their headquarters, companies are taking a multi-cloud approach, which means they have a globally distributed data infrastructure on-premises and in the cloud. They have to follow sovereignty issues in different jurisdictions, and in order to do that, they will need help. Cloud providers will need to work more closely with their customers to manage sovereignty and compliance with different rules.
In the coming year, it will be up to businesses and public cloud providers to improve compliance and data sovereignty issues by better understanding what is in the petabytes of data they store and the regulations for each. element of this data. Businesses can no longer be satisfied with just backing up data. They will need to be smart about the content of their data and put policies in place around that content.
3. Global supply chain issues will become a data protection issue
Supply chain issues are dramatically disrupting the global economy, with a shortage of everything from cars and refrigerators to semiconductors and toys. And these problems are expected to continue until 2022.
Logistics challenges and digital risks such as cyber attacks will drive further disruption to the global supply chain in the coming year. In 2021, the Colonial Pipeline ransomware attack destroyed the largest fuel pipeline in the United States and temporarily caused fuel shortages along the East Coast. The company paid hackers nearly $ 5 million in ransom just a day after discovering malware on its systems.
The supply chain will remain a top priority for organizations in 2022. This means that they will need to be actively armed with data protection solutions to keep the supply chain functional and meet the demands of their customers. Specifically, organizations will need to ensure that cyber attacks do not further compromise their supply chains and that data remains available 24/7 and can be retrieved instantly.
4. The data protection officer will gain in strategic importance
The Data Protection Officer (DPO) is a leading role in corporate security which, under certain conditions, is required by the General Data Protection Regulation (GDPR). In fact, according to the latest GDPR statistics, the demand for data protection officers has increased by over 700% over the past five years. Data protection officers are responsible for having in-depth knowledge of data protection laws and practices while overseeing their company’s data protection strategy and ensuring compliance with GDPR requirements.
The role of the DPO is poised to gain strategic importance in the coming year, especially as the responsibilities of DPOs extend beyond traditional IT to encompass a holistic view of privacy. data, security and education. The DPO can even open up new opportunities throughout the organization. For example, in a remote working world, the DPO will be a strategic catalyst for businesses, especially as it becomes clear that the virtual workforce is here to stay. In India, the role of the DPD will gain in importance as the Personal Data Protection Bill 2019 is passed and becomes law.
(The author is Regional Director, Arcserve India & SAARC and the opinions expressed in this article are his own)