The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house and process terabytes of the data that flows through mobile networks. Social networks house and control the data on billions of people worldwide — certainly the personal data of effectively all employees in your company.
And, that creates challenges, too. For example, cyber criminals and state-sponsored threat actors find data held in a central hub a tempting target. It’s time for a wider conversation among security specialists and industry leaders about how to better protect this data. Let’s take a look at the risks and challenges of a big data monopoly.
What’s the Problem With a Big Data Monopoly?
There are many problems with a big tech monopoly from a security perspective. The companies that hold data monopolies are ripe targets for attackers. Many holders of this big data do have thorough security, since they know they’re targets, too. It’s tempting to relax about data on these platforms.
But it’s also true that cyber criminals, state-sponsored threat actors, blackmailers and others all have a giant incentive to go after the monopolies, because that’s where the most data is.
The risk is more complex and subtle than it first appears. For example, it could come from inside the house. Over-privileged authorized users or unauthorized users (such as former employees) can put you at risk of an insider threat. The same goes for partners, suppliers and others with potential access to that data.
Big data monopolies also mean more people might have access to your systems than you know. The giant data monopolies could have over-privileged authorized users or unauthorized users of their own. Partners, suppliers and others might have access that you might not think of. In other words, insider threats in another service can put your data at risk.
Another problem is that as companies get bigger, they have less insight into all their nooks and crannies. A dangerous lack of insight into cloud data can leave them at risk for all manner of hazards, from losing out on business to data breaches and data theft. Threat actors could be hiding inside the big data monopolies already, slowly exploiting the data while avoiding detection.
What’s Next for Big Data Monopolies?
The data monopolies are going through rapid change, which is also part of the risk.
In addition to dizzying growth, as the world produces more data, governments pressure companies to change the way they do everything. They probe and scrutinize nearly all the big data monopolies for possible violations of antitrust laws. While in the U.S., anti-trust action is based on whether consumers have been harmed, in Europe the issue is more focused on using anti-trust law to create a more level playing field among competing companies.
Global and National Rules
European lawmakers have expressed concern over the exclusive market insights and other powers inherent in possessing so much of the world’s data. Proposed remedies so far have included the sharing of some percentage of that data or their insights between competing companies. It’s not at all clear how this would affect the security and privacy of the groups that own this data.
Other voices in government, both in Europe and the U.S., have expressed the desire to break up these companies into smaller companies. Some data monopoly companies gain business advantage by sharing or copying data across different business units. What happens in the event that governments call for a breakup of these business units into separate companies?
The so-called ‘splinternet,’ whereby national boundaries change the rules for how global data-hosting companies operate, also affects data monopolies. Some countries don’t allow a growing list of data types. Others require the data relating to citizens or companies in a given country must be stored only in that country.
When we consider the history of such rules, we consider a tiny number of large countries forcing them. But what happens in a future where dozens or even more than a hundred countries make such demands? For global companies, this complex scenario alone comes with its own inherent risks.
It gets worse: Once data on local citizens or businesses are stored in-country, the potential for use or abuse by local cyber criminals, domestic spies, foreign spies and others grows.
When you consider the continued rapid growth of data monopolies, the antitrust action they face, and the rise of the so-called splinternet, it’s easy to draw the conclusion that cloud data is just going to get harder to defend.
How to Address the Data Monopoly Risk
But there are ways to make things more secure. The first step in tackling the larger threat from data housed on the data monopoly platforms is analysis. What is the sensitive or business critical data? Where is it and what are the potential risks? Who has access to this data and what is redundant?
For example: knowing where sensitive business data is, while accounting for the special risks and growing complexity of data monopoly platforms, can give us direction to reexamine where and how some business data is stored and managed.
A managed cloud service can help you get started. You also need a data risk control center where you can gain insights into business risks related to data wherever it resides, including with the big data monopolies. You need to prevent your findings from this in a way that enables the C-suite to understand and take action.
This point can’t be emphasized enough. Visibility isn’t just theoretical access to what’s going on. It means access that enables human understanding and prompt action. It demands clarity, not just information. Automation and artificial intelligence can help in the project of ongoing, actionable visibility and threat intelligence.
Increased insight into risk factors from your main response platform is one key to reducing risks, including risks that come with legal compliance. Doing both at once is key to success going forward. Without proactive, systematic design, your threat management tools are likely to end up as a disconnected, uncoordinated hodgepodge of tools that will fail to provide an actionable, full picture of what’s going on. Adding threat management lets you detect and respond to threats earlier and faster.
Risk Management in the World of Big Data Monopolies
A right-tools-for-the-job mindset is also paramount. But too many threat management tools are from the previous era, rather than purpose-built for the age of hybrid cloud and cloud-native tech.
The key is not to consider and manage data housed on the data monopoly platforms in isolation, but to integrate that data in the overarching risk management strategy. Of course, we’re talking about risk management using big data best practices.
Coping with the growing risk and complexity of data calls for special attention when so much of it is handled by monopolies.
The post Why Security Pros Can’t Ignore Big Data Monopolies appeared first on Security Intelligence.
This post appeared first on Security Intelligence
Author: Mike Elgan