Finding the data security formula
With data growing at an exponential rate, data security and operational risk management are more important than ever before. Ian McClarty, President of global IT firm PhoenixNAP, is a self-professed “technologist to the core” and talks us through the state of the data security industry and how it’s changing
The vast amount of data being created and stored nowadays has created unique opportunities for companies to gain an advantage in their marketplace — but it also leaves them arguably more vulnerable than ever before.
Just ask the board of Equifax, as the credit report heavyweight is only now finding out just how costly its massive data breach last year is going to be, and we are talking hundreds of millions. Even with insurance.
The proliferation of data is staggering. To offer a little context, Google processes three-and-a-half billion searches a day, and that’s just over three quarters of the total number of search engine queries. Every single minute, over four million videos are watched on YouTube and nearly half-a-million tweets are sent.
But it’s not just about search engines and social media. Overall, at least 2.5 quintillion bytes of data are being created every day when you factor in global e-commerce and everything else that comes with the growth of the internet.
And it’s an exponential equation. Over 90% of the data in the world was generated in just the last two years, showing the spiking curve. But these figures also underline the need for those involved at the highest levels of business and enterprise to show the necessary prudence and threat awareness.
Stéphane Nappo, CISO of banking giant Societe Generale, put it best when he said ‘it takes 20 years to build a reputation and few minutes of cyber-incident to ruin it’. Even with more awareness out there about the type of threats and how organisations can be vulnerable, the landscape is always evolving and it’s important to keep up with the beat of change.
Ian McClarty, President of Global IT Services provider PhoenixNAP, is a firm believer that it’s more important than ever for companies to have a strong focus on data security.
“The data now becomes a liability in a lot of ways,” says McClarty. “Companies are not geared to embrace that, so they’re going to third parties for help. We are seeing more and more demands in the market because of that reason alone.
“And the risk factors have got bigger when it comes to the management group, it can be the ending of your profession. It’s no longer taking last place. It’s a very real thing. You see more C-level executives also getting fired, and they will continue to get fired for major compromises that happen to networks, so that’s also very real. There are more threats, more active threats, more pressure.”
This all sounds pretty scary, but it doesn’t have to be as bad as that. One of the first rudiments is to ensure that you don’t handle or process data that you don’t need. But that in turn creates another issue in terms of being able to control data, for a number of reasons.
McClarty explains: “It’s not that it’s getting harder and harder to secure. It’s actually easier nowadays to secure data than ever before. What creates a complexity is that not everybody is at the same pace of technology adoption. That’s the issue. And you also rely on third parties nowadays. Every company now relies on some piece of another company to do business.
“This is talking about the IT part, not even the other business parts. A company that today used to do all these things in-house and now basically uses Software-as-a-Service, they’re a third party, and it means the data is out there somewhere. You have your data all over the place now. A lot of companies, by their own doing, are channelling data into multiple sources. From a data control perspective, that makes it harder.”
“It’s actually easier nowadays to secure data than ever before. What creates a complexity is that not everybody is at the same pace of technology adoption”
So what is the answer? With the vast number of threats out there — whether from a social engineering perspective such as phishing attacks and use of ransomware to fully blown zero-day exploits — what else can companies do to try and stay a step ahead of the attackers?
From McClarty’s point of view, there is a clear correlation between learning from the history of computing and IT throughout the ages, and utilising the most advanced technological tools out there right now.
He’s been involved in the sector since what he calls “the wild west” days in the 1990s and describes himself as a “technologist to the core”. McClarty’s latest passion is AI but he believes things go in cycles within the sector he’s been immersed in for over two decades, all of that time with PhoenixNAP.
“There’s a lot to be learned from the past and the history and people forget about that,” he observes. “You look at a lot of the cloud systems that are set up today and there are a lot of concepts were already in place. Maybe not the financial models, but the actual ID concepts had already evolved even 20 to 25 years ago.
“Artificial intelligence is a big trend right now in intrusion detection. A lot of companies are trying to figure out ways to forecast the next virus or the next major attack vector through their use of AI. Because they have a roadmap already of how these things have developed over the years, it’s almost like filling in the gaps for what the next element is going to be in that equation.
“From a profile perspective, they’re already gearing themselves up for the next version of attacks that will be coming through. Technology is trying to get ahead of it. The reality with security and attacks is that they always leapfrog each other. We may be in a leapfrog methodology because of pressure to try and get ahead again. Which is going to make it, again, harder more complex.”
McClarty is excited about the future and with abundant opportunity in the data security sector. He believes the main growth in the next few months and years will come in blockchain and data encryption, with more companies daring to venture into those areas.
He adds: “They’re going to try these component pieces of blockchain for identity management. They’re going to try to use blockchain for protection of chain of custody of information so that you know who did what, when, with that data.
So that’s important and you’ll see a lot of the evolving technologies trying to get put into the mix of security as well. That’s artificial intelligence, deep learning, all those buzzwords that get used over and over again, but they’re real. I mean, people are actually really doing these things, right?
“You will have your next generation of software developers and companies coming online and some of them are going to pivot into the security field.
“They’re going to see opportunity there and they’re going to try and make a name for themselves and so they’re going to try to do something unique and different.
“Identity management and chain of custody issues happen with a lot of data security, because encryption is only one piece of it. You also want to know where it went and who touched it and why and when. And those answers aren’t so easy to answer all the time. You want to see a life cycle of that data, from cradle to grave, and that’s almost impossible in many ways.
“It’s one thing to have encrypted data but if your encrypted data moves around from point A to point B and a lot of people have access to those keys, how secure is your data, really? You’re going to see a lot more development around that.”