Effectively corralling and managing the rapid proliferation of data in the digital world we live in today has become an increasingly high stakes proposition for those guarding against IP theft, privacy leaks and information misuse. An increasing volume of often sensitive data and content stemming from a remote workforce, interconnected operations networks and integrated supply chains with global reach doesn’t make the task any easier.
However, the act of ensuring vital content isn’t compromised in the field needn’t be a heart-stopping affair. Experts from around the world weigh in on today’s leading threats, predict tomorrow’s most promising innovations and share their topline recommendations for leading technologies and approaches to ensure sensitive company information never travels too far afield.
From the individual mobile device to the enterprise network, challenges abound when working to maintain the integrity of information rich environments. Following is the shortlist of concerns keeping experts up at night.
Privacy and bias
In the aftermath of Facebook’s manipulation of user data in conjunction with Cambridge Analytica to impact national election campaign outcomes, privacy concerns lead the pack of threats surrounding sensitive data today. How deep does the privacy issue run? Underscoring the gravity of the matter is the most substantial change in data privacy regulation the world has seen in 20 years: the new EU General Data Protection Regulation (GDPR) legislation, instituted following the Cambridge Analytica scandal.
NTENT USA Chief Technology Officer Ricardo Baeza-Yates reports that privacy also has a direct impact on search query bias and answer fairness — with the capacity to racially profile users and swing entire markets. “Query bias and answer fairness are direct byproducts of data privacy,” shares Baeza-Yates. Leveraging user data and machine learning at NTENT to predict consumer intention in semantic-based search engine and virtual assistant user queries, he explains this dynamic. “For example, if you queried Alexa or Google on the topic of immigration, the conversation may erroneously drift to illegal immigration despite your query frame, based on predictive analytics leveraging your nationality, gender or other personal data points. The same lack of answer fairness may occur for product searches leveraging real-time geo-tracking and income level — limiting exposure to select sellers and skewing market fairness based on those biases.”
Internet of Things (IoT) interconnectivity
“While the interconnected environment we live in today has substantially streamlined vital processes — from remote security system management to commuter train operations, thanks to the Internet of Things — it has also made us more vulnerable to catastrophic attacks,” reveals David Nordell, director of the consultancy Synapse Cyber Strategy, and past advisor to the Israeli government. “Taking a broad view of information ecosystem management is vital. So too is deploying a comprehensive security strategy focused on the gamut of considerations from people, devices, information flow and outside risks to the effective handling of waste and encryption technology development. On top of that, a large portion of senior leadership doesn’t fully understand the modern technology fueling IoT, or the full scope of implications in the event breach.”
And it’s not just those in the senior leadership ranks operating at a deficit. Beyond the latest technologies being leveraged, full visibility of the interplay of the data streamlining those vital processes is naturally limited. Charged with detecting cyber threats in real time, True Digital Group IT Security Operations Specialist Manoj Kumar Murmu adds, “The dynamic of data interaction with applications and organizations is a concern for everyone focused on cybersecurity today. The primary challenge is fully understanding how data is being used. Until you have a firm grasp on data flows within an organization and through applications, you’re pretty much blindfolded about the full scope of its reach — and how exactly it’s being leveraged.”
Murmu reveals that intellectual property can also easily become compromised in the data retention process. “Once the utility of proprietary company data sets depreciates, the question quickly becomes, what do you do with it? When it’s no longer being utilized or valid for ongoing operational purposes, the protocols followed to effectively discard sensitive data represent a huge risk,” he says.
“While it’s easy to think that hitting the delete button or simply sending an electronic file to the trash can be an effective approach for the disposal of sensitive information, there is a lot more behind it. Because remnants of information often stay behind through reference points to peripheral files and systems — the disposal of highly confidential information regularly positions companies and individuals for increased risk of data misuse and IP theft. Adding to the challenge is the reality that you often don’t know whether the data you’re working to eliminate has made its way to the external world through memory sticks, encrypted messages or other means of egress. These are pervasive challenges for everyone working to securely discard confidential data.”
“Without question, identity theft is the number one concern today,” says MIT Innovation Advisor and former BMC Software CTO Dr. Elizabeth Xu. “The growing scope of personally identifying data points collected through mobile apps and websites — from your personal phone number, birth date and past addresses to the model of your first car and biometric measures like fingerprints and facial structure — each represents a level of risk to users.” With a nod to the magnitude of public data that also exists for most individuals, from discoverable social media photos and professional histories to home mortgage records, the problem is particularly unwieldly.
“Each of these discrete data measures can be used to digitally forge personal identities, right down to leveraging social media photos to reconstruct your facial structure as an entrée to identity theft. Compromises of this key identifying personal information can have an untold negative impact that few know the full scope of.” With the growing availability of increasingly sophisticated technologies capable of manipulating photos and voice records to even create synthetic videos, she cautions, “From personal finance to professional reputations, your entire life can be impacted.”
So how do you maintain an assemblage of meaningful control over company data and sensitive information across networks, supply chains and a remote workforce? Following are the technologies and tactics industry experts have the most faith in for content capture and management.
Adopting a holistic view
“In an age where you can threaten someone thousands of miles away with your cell phone, a strong end-to-end view of information security is imperative,” shares Nordell. “The urgency of your position as a potential target is real, therefore having a fundamental understanding of exactly what is at risk, what it will cost if it’s broken, who could potentially attack you, and how they might go about it are the foundations of a solid defense. From standard operating procedures for digital data storage and protocols for multi-function printer disks containing sensitive data scans to the thorough vetting of staff that control encryption keys, a holistic approach to information security is necessary to curb risk.
Proportionate data protection
“Every business needs to understand and focus on the most essential company data that it simply cannot function without,” says Nordell. “For a bank, it’s not going to be the petty cash records, but the proprietary trading algorithms that drive income. While it’s impossible to create completely hermetic systems, you should still introduce as many layers of security to sensitive data and information as possible, making intelligent decisions about what you’re going to protect. As opposed to asking how much you can afford, at the end of the day you should be asking how much you can afford to lose.”
Data flow examination
Murmu further reveals that an equally broad view of data flow is part and parcel of effective data management. “Gaps in visibility are the enemy. If you have a strong understanding of a data’s origination source and can identify its transit through each of the discrete segments it’s crossing — its exact flow and data stores — you’re well positioned to actively monitor it. A close examination of that flow can quickly reveal anomalous patterns and non-secure activity across any segment, down to exit points from individual laptops and email accounts. Only this level of visibility can enable companies to halt data flow at the exact point breaches occur,” he says.
Fortified multi-factor authentication
“Multifactor authentication beyond account passwords and fingerprints alone that combines biometric features with time generated passcodes can also effectively respond to data breaches in everyday consumer applications,” reports Xu. “In high security clearance environments like governments you may consider even more layers, leveraging digital envelope encryption technology that requires a public key to encrypt classified data and a private key to receive and read that data. Two-step digital signatures leveraging the same technology are also widely employed in such environments, using an algorithm requiring a private key to sign documents and a public key to validate signatures. A built-in algorithm then matches signatures using digital certificates to validate signed documents. Inconspicuous digital watermark technology also exists to combat content piracy risks from digital art to text. They work by invisibly embedding a number or name to the content, prompting an algorithm to run when content is leaked, and then swiftly identifying data value, outside content recipient, and the source of the leaked content.”
Owning personal data security
“As a company, you alone are in charge of securing the privacy of user data in your possession,” says Baeza-Yates, citing AOL’s very public release of its users’ personal search data and Netflix’s overt leveraging of personal search data in its algorithm to profile its subscriber base as classic textbook case studies of what not to do. He also stresses that widespread proliferation of personal data makes data anonymity particularly challenging. “Even if data is anonymous, it’s incredibly difficult to ensure you won’t be able to identify individuals if you cross that anonymous data with any other data in the world. Data with semantic meaning, such as words — from age and location to gender — crossed with medical records or other public data make identification possible.”
However, he shares that a combination of practices can mitigate this risk. “Getting rid of retained long-tail data that features specific data across the entire customer life cycle, separating demographics from numerical records, and working to ensure sensitive data doesn’t make its way beyond company network firewalls are all practical first line defenses,” he says.
Responding to contemporary data integrity threats while enhancing today’s prevailing risk mitigation approaches, what next generation technologies are ripe for innovation in the near future? Our thought leaders weigh in with these compelling solutions.
Responding to the myriad of modern-day threats of data access by unauthorized users, Nordell shares, “The truth is that the integrity and security of business, government and personal data today is a lot more fragile than we would like to accept. The quality, capability and availability of responsive technology needs to grow in response — and the future points to new biometric dimensions of security as a defense. Akin to electronic bomb sniffing dogs developed in Israel five years ago, olfactory sensors on handheld devices will likely be tomorrow’s reality.”
System and security control integration
“The lack of interoperability between companies’ internal data security controls and their systems is a real gap today,” says Murmu. “The reality is that until it’s a requirement, no one will voluntarily raise their hand to spend arduous hours monitoring for the potential “spillage” of sensitive data. As more stringent data controls are mandated by government privacy laws, however, system and security integration approaches are bound to change. I believe a combination of technology innovation that streamlines internal and external data flow identification, and a greater awareness among IT professionals about the complete range of internal systems being used across corporate networks will fill that gap in the future.”
Multi-source data management
“With the growing number of global teams, sensitive data may illegally travel thousands of miles across country borders within the same corporation,” shares Dr. Xu. “Oftentimes, that data is generated by a rapidly growing number of resources, is difficult to secure, is stored on and accessed through a growing number of personal devices, and travels between nations with variable privacy laws and compliance guidelines surrounding what can and cannot be shared. Exacerbating the issue, corporations have a hard time tracking and deleting this information from employee personal devices. The startling reality is that consumers remain clueless as to who may have accessed and stored their personal data. These raw truths have made modern day data management a nightmare. Tomorrow’s responsive innovation to this challenge is technology capable of managing personal data you can source, search and clearly identify your current level of protection for, flagging privacy violations and regional compliance breaches from various global sources.”
Personal data consent protocols
“A reported 91% of surveyed U.S. users blindly consent to term and condition disclosures without actually reading them,” shares Baeza-Yates. “This fact, paired with the reality that every online user exchange represents a bit of potential privacy loss, signals a clear need for next generation app development that combines personal data sharing notifications and user consent or decline options. Installed on smartphones, this turn-key technology would alert users whenever an app or website requires the use of their personal data and offer a clear accept or decline protocol. Charging those websites and apps a fee for leveraging that personal data would completely change the personal data paradigm.”
Today, enterprise leaders and end users alike have access to detailed information on the content vulnerabilities that go hand-in-hand with the digital workplace. These insights allow for advanced strategic planning to mitigate privacy risks and security breaches, creating a more secure paperless office.