The traditional definition of a technology organization -- one that produces technology products for consumer and business use -- is going by the wayside.
Here's the revised definition: A technology organization uses tech to drive increased efficiency, lower costs and grow revenue. With this definition, every organization on the planet can be considered a tech organization.
Within this all-encompassing, tech-consuming enterprise, there is a distinct difference between a tech-savvy business and a tech-invaded business. Unless a business is aware of what distinguishes the two, it will remain susceptible to attacks, lawsuits and embarrassing missteps.
The heart of what constitutes a technology organization is data. Three trends will continue to drive incessant data collection:
- ubiquitous and cheap storage;
- IoT devices and sensors whose costs continue to plummet; and
- cheap compute and increasing availability of machine learning models that can be adapted for predictions in a competitive market.
With the odds heavily in favor of businesses increasingly collecting more and more data, what is the downside, if any, of this rampant data collection?
Three data security considerations
There are three key data security considerations to keep in mind as the volume and velocity of information increase.
First, know that more data means a bigger surface area for data breaches. It seems self-evident, but without an economic trigger to highlight the cost of increased data storage, there are no checks and balances to monitor or control data collection. Plus, with the advent of hybrid and multi-cloud, data is spread out, making a comprehensive view into the total data attack surface usually absent.
Second are customer rights to data expunging and transfer. With increasingly consumer-friendly regulations, like GDPR and the California Consumer Privacy Act, consumer awareness and activism are rising. Two of the most prominent features making headlines are the right to request a purge of one's data and the right to request a copy of the data collected about oneself. Note, the more data an enterprise has of its consumers, the more time-consuming and onerous it will be to fulfill consumer data rights demands.
And the third data security consideration to keep in mind is unwittingly or knowingly indulging in data brokering. The Cambridge Analytica-Facebook scandal is old news now, but it is worth remembering that the reason Cambridge Analytica was able to do so much predicting and brokering of data is because Facebook was collecting so much data in the first place. Today, two years later, there are more data collectors and data brokers in business than ever -- usually hidden from the unsuspecting consumer but happening anyway.
How to improve data security
What can a business do to not fall prey to these data security missteps? Here are a few moves to consider.
Consciously limit the amount of data being collected. While this may sound counterintuitive given the competitive environment, it provides for just cause and introspection on what data matters to the business and drives business focus.
Implement a transparent and rigorous data lifecycle management process. Even if the amount of data collection does not decrease dramatically, having an enforceable data lifecycle management process in place provides assurance that data classification, assessment and destruction will keep the organization safe from digital attackers.
Do the right thing. Indulging in data brokering -- both buying and selling -- is inherently fraught with issues, so tread lightly.
Regulations are coming swiftly, so even if an enterprise wants to push the boundaries, remember the boundaries are getting tighter. The organizations that will thrive are those that use these regulations as a starting point but raise the ethical bar above this threshold to drive continuous transparency, tangible customer value demonstration and a rigorous self-governing process.