Data classification firm,Titus, has unveiled its “Top 10 Data Security Predictions for 2020″ – timely insights based on surveys and conversations with both public and private enterprises around the world as well as executive participation at major events.
“Titus customers around the world are ideal sounding boards for the biggest trends and threats that can impact their long-term data security vision,” said Mark Cassetta, SVP Strategy at Titus.
“Our ability to coalesce different points of view across military, government, financial, retail and healthcare organizations is invaluable to solving the toughest security problems today while anticipating and alleviating emerging pain points,” he added.
Titus has developed the following “Top 10 Predictions for 2020” through this customer lens:
- Value of business data adds up: Best place to start data protection journey isn’t the most obvious
“Data is more valuable than oil,” said Andrew Yang, U.S. presidential candidate during the October 15th Democratic Presidential debate. Vital data insights actually are more valuable than oil, which is why astute data security pros increasingly are assessing the value of business data that needs protecting first.
- Personal data hide-and-seek: Do you know where your personal data lives?
Most CISOs simply don’t know all the places where personal data exists within their organizations. Still, you can’t protect what you can’t find, so some companies will grapple with their personal data problems while others will make headway with policies that protect personal data as it’s created and moves throughout the organization, including where it’s stored and archived.
- Email is ‘the elephant in the room’: Exposure to personal data risk greatest
According to TechJury, office workers typically send about 40 work-related emails and receive about 90 emails daily. Extrapolate that number across a 1,000-person company and imagine the impact of 40,000-to-90,000 emails with potential personal data moving in/out of an organization every day. Reviewing emails for sensitive personal data as they’re being created is the only effective way to reduce the risk of personal data that can be mishandled in the course of sending/receiving emails.
- Regulation comply or defy: Bigger fines and jail time loom
The California Consumer Privacy Act (CCPA) is fast approaching and companies that don’t comply by the July 2020 enforcement date could face consequences well beyond the “slap on the wrist” favored by GDPR regulators. The expectation is that harsher fines and possible jail time will be doled out for non-compliance. And don’t overlook new privacy legislation introduced in October called, the “Mind Your Own Business Act.” This latest piece of U.S. legislation details the strongest consumer protections yet and cautions that corporations will be held accountable for private data abuses.
- Cloud migrations pick up speed as lingering data security problems persist
Cloud migrations will continue to pick up speed in the year ahead and so will the steady migration of lingering data security problems. Even after the move, security issues persist as most companies maintain both on-prem and cloud environments. The inability to support hybrid clouds is the biggest shortcoming with many large platform offerings.
- CDOs and CISOs find common ground: Good data stewards join forces
As data security, personal data privacy and compliance demands escalate, so will the opportunities for Chief Data Officers (CDOs) to partner with Chief Information Security Officers (CISOs). Companies should encourage these two stakeholders to find common ground, align on priorities and build value-based recommendations to ensure that budget-focused CFOs actually green light important projects.
- Rise of Zero Trust: ‘North Star’ of security architecture comes into focus
Over the past year, the concept of “Zero Trust” has moved from cybersecurity buzzword into a concept that could serve as a unifying force in the industry. Aside from lingering definition debates, Zero Trust is evolving into a “North Star” framework for connecting different data security solutions as part of an overarching, best practices approach.
- Machine Learning effectiveness finds its footing in optimized organizational frameworks
Stricter opt-in and limited data-sharing agreements could diminish the effectiveness of AI and ML solutions. But, it’s important to remember that automation can significantly ease the identification and protection of sensitive data. Even military and government agencies appreciate the value of ML in helping build better data security frameworks. In 2020, the focus should be on helping organizations normalize their ML usage as it relates to data management and data protection.
- Data Security Scientist: New data superheroes emerge
A new breed of data scientist can elevate a company’s security strategies by analyzing the complete lifecycle of data with a critical eye to security implications. As this viewpoint doesn’t exist typically today, expect to see this role rise through the ranks to take on increasingly important profile in defining and deploying security policies.
- Data management and data protection alliances: Spur ongoing convergence
The rise of the data security scientist mirrors a broader convergence taking place among data management and data protection stakeholders. Traditionally separate organizations, there’s growing consensus that stronger alliances between data management and data protection teams will lead to better decision making. In addition to establishing best-practices for data stewardship across the entire data lifecycle, there are ample opportunities for skills cross-pollination and strategic collaboration.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/