With the New Year fast approaching, all businesses are looking ahead to their priorities for 2015, and if this past year has taught IT departments anything, it’s that data security needs to be high up on the agenda. We’ve seen business such as eBay and Adobe, and even celebrities like Jennifer Lawrence, learn the hard way the harm a data breach can cause.
For businesses looking ahead to 2015, a security mishap, or even a potential data breach, can derail even the most important of projects. So what has 2015 got in store that could impact business data security? Take a look below to find out:
EU general data protection regulation
Businesses may think they have a future proof IT strategy in place, but substantial regulation changes on the horizon will force a considerable rethink. The EU Data Protection Regulation which should come into force in 2017, will ramp up businesses' responsibility for data security, increasing sanctions for mishandling it. In short, this means fines of up to two per cent of a business’s annual global turnover and possibly a requirement to report a breach within 24 hours.
> See also: Is 2015 the year cyber security shows its human side?
This has ramifications for any strategy that is based around data – like BYOD, storage, internet of things and cloud. Because the changes in law are radical, organisations will have to work hard in 2015 to have a chance of complying and avoiding substantial fines when the new laws come in.
Big data innovation
2015 will see even more businesses take advantage of the power of the data they hold. From using analytics to gain greater business insight, to schemes such as the NHS’ care.data initiative, organisations are doing more with their ‘big data’. However, due to the numerous data breach stories in the press, many organisations are unwilling to engage in innovative data schemes for fear of it increasing the chances of a data leak, as demonstrated by the difficulties care.data has run into. For many, there’s a lot at stake if this goes wrong: reputation, the risk of heavy fines from the ICO, and public outcry that could put a halt on any progress already made.
What we could see in 2015 is innovation being stifled by data leak worries, and to avoid this organisations should think about data security at the start of the project, and ensure it is incorporated throughout its life cycle. This needs to take into account every aspect of the project, from the devices being used to the platform that is accessing this data.
(Even) more mobile
While this has been a trend for the last couple of years, the increased use of mobile devices by employees is not slowing down. Whether an employee-owned (BYOD) or corporately owned and personally enabled (COPE) device, the growth in devices means a corresponding increase in endpoints, all of which are potential security vulnerabilities.
With the proliferation in device types, form factors and operating systems, it’s even more important that whatever security solution is in place is device agnostic, and able to cope with any type of new technology. That way firms are able to take an employee rather than device centric approach to data security and device management.
In 2014 we saw mobile devices starting to do more, with the contactless payment and fingerprint recognition technology in Apple’s latest devices an example of this. What we’re going to see in 2015 is an increase in what mobile devices are capable of doing. For example, Apple's Touch ID fingerprint scanner has so far been used to unlock the handset itself and as a verification tool when making purchases through Apple's App store. However, now that iOS8 has made this functionality available to third party developers, users will soon have the ability to unlock a greater range of apps via their fingerprints.
While this example could have additional security benefits, it’s an example of device features rapidly expanding beyond what IT departments are comfortable with. In the wider business environment, firms need to be on their guard, and consider exactly what impact these new features will have on the way corporate data is stored and accessed. Contactless payment, face scanning and interaction with wearable devices are all features we’ll be seeing in 2015, but could be easily circumvented by hackers, or leave data open to leaks if they’re not made part of the wider device security strategy.
The recent iCloud hack and subsequent leak of intimate photos of Hollywood celebrities has made it clear that even the young, rich and famous aren’t immune to data loss. The fatal mistake these stars made was to forget that data, be it an email or photo, isn’t static. More often than not it goes straight to the cloud, where in theory it can be accessed from anywhere. The question for 2015 is how savvy the next generation of digital youngsters are going to be. They may know how to use the latest apps and devices, but they haven’t had the training and experience to consider what happens to this data in the cloud.
> See also: 2015: the year of the exploit
The next few years will reveal the impact of these digital natives on sensitive corporate data. If they take a laissez-faire attitude to corporate data and don’t consider what might happen to it when it is in the cloud, firms will end up facing serious data breaches. When businesses start realising this, we’ll see them taking a more serious approach to training their younger staff about data security so that it keeps up with their wider digital skills.
The corporate IT environment is changing faster than ever, fuelled by wider changes in consumer IT. Businesses clearly want to take advantage of the benefits that they can offer, but now more than ever data security needs to remain at the heart of these initiatives.
With upcoming laws like the EU General Data Protection Regulation making the consequences of data breaches more serious than ever, let’s hope 2015 sees data security move up the list of priorities.
Stephen Midgley, VP Global Marketing, Absolute Software