With a fresh year now underway, all businesses are looking ahead to their priorities for 2015, and if last year has taught IT departments anything, it’s that data security needs to be high up on the agenda. In 2014 we saw the likes of major breaches at eBay and Adobe, and even celebrities like Jennifer Lawrence learned the hard way about the harm a data breach can cause.
A security mishap, or even a potential data breach, can derail the most important of projects. So what has 2015 got in store that could impact business data security? Take a look below to find out…
EU General Data Protection Regulation
Businesses may think they have a future-proof IT strategy in place, but substantial regulation changes on the horizon will force a considerable rethink. The EU Data Protection Regulation, which should come into force in 2017 (but will be adopted this year), will ramp up businesses’ responsibility for data security, increasing sanctions for mishandling it. In short, this means fines of up to 2% of annual global turnover and possibly a requirement to report a breach within 24 hours.
This has ramifications for any strategy that is based around data – like BYOD, storage, internet of things and cloud. Because the changes in law are radical, organisations will have to work hard in 2015 to have a chance of complying and avoiding substantial fines when the new laws come in.
Big data innovation
2015 will see even more businesses take advantage of the power of the data they hold. From using analytics to gain greater business insight, to schemes such as the NHS care.data initiative, organisations are doing more with their big data.
However, due to the numerous data breach stories in the press, many organisations are unwilling to engage in innovative data schemes for fear of it increasing the chances of a data leak, as demonstrated by the difficulties care.data has run into. For many, there’s a lot at stake if this goes wrong: reputation, the risk of heavy fines from the ICO, and public outcry that could put a halt to any progress already made.
What we could see this year is innovation being stifled by data leak worries, and to avoid this organisations should think about data security at the start of the project, and ensure it is incorporated throughout its lifecycle. This needs to take into account every aspect of the project, from the devices being used to the platform that is accessing this data.
(Even) more mobile
While this has been a trend for the last couple of years, the increased use of mobile devices by employees is not slowing down. Whether an employee-owned (BYOD) or corporately owned and personally enabled (COPE) device, the growth in devices means a corresponding increase in endpoints, all of which are potential security vulnerabilities.
With the proliferation in device types, form factors and operating systems, it’s even more important that whatever security solution is in place is device agnostic, and able to cope with any type of new technology. That way firms are able to take an employee rather than device-centric approach to data security and device management.
Last year we saw mobile devices starting to do more, with the contactless payment and fingerprint recognition technology in Apple’s latest devices an example of this. What we’re going to see in 2015 is an increase in what mobile devices are capable of doing.
For example, Apple’s Touch ID fingerprint scanner has so far been used to unlock the handset itself and as a verification tool when making purchases through Apple’s App store. However, now that iOS 8 has made this functionality available to third-party developers, users will soon have the ability to unlock a greater range of apps via their fingerprints.
While this could have additional security benefits, it’s an example of device features rapidly expanding beyond what IT departments are comfortable with. In the wider business environment, firms need to be on their guard, and consider exactly what impact these new features will have on the way corporate data is stored and accessed. Contactless payment, face scanning and interaction with wearable devices are all features we’ll be seeing in 2015, but could be easily circumvented by hackers, or leave data open to leaks if they’re not made part of the wider device security strategy.
The recent iCloud hack and subsequent leak of intimate photos of Hollywood celebrities has made it clear that even the young, rich and famous aren’t immune to data loss. The fatal mistake these stars made was to forget that data, be it an email or photo, isn’t static. More often than not it goes straight to the cloud, where in theory it can be accessed from anywhere.
The question for 2015 is how savvy the next generation of digital youngsters are going to be. They may know how to use the latest apps and devices, but they haven’t had the training and experience to consider what happens to data in the cloud.
The next few years will reveal the impact of these digital natives on sensitive corporate data. If they take a laissez-faire attitude to corporate data and don’t consider what might happen to it when it is in the cloud, firms will end up facing serious data breaches. When businesses start realising this, we’ll see them taking a more serious approach to training their younger staff about data security so that it keeps up with their wider digital skills.
The corporate IT environment is changing faster than ever, fuelled by wider changes in consumer IT. Businesses clearly want to take advantage of the benefits that they can offer, but now more than ever data security needs to remain at the heart of these initiatives.
With upcoming laws like the EU General Data Protection Regulation making the consequences of data breaches more serious than ever, let’s hope 2015 sees data security move up the list of priorities.
- Stephen Midgley is VP Global Marketing at Absolute Software