Data Privacy: securing the key to digitalization

Data is the gold dust of the 21st century, and with the amount of that data set to double every two years (reaching 44 trillion gigabytes by 2020), it’s allowing organizations of all sizes to open up opportunities to truly understand their customers. For instance, analyzing data in near real-time and acting on insights to deliver superior experiences.

However, the data bonanza is not a free-for-all. The very acts which excite businesses – holding and using data – have the potential to expose them to significant legal and reputation damage. Just as there has been a groundswell of interest in harnessing the power of data, so consumers are becoming more aware of their right to privacy and what giving away their data can mean. Organizations that fail to properly secure customer information not only face regulatory and legal sanctions, but can expect significant damage to reputation and trust. Marissa Mayer lost her annual bonus over the mishandling of security breaches that exposed the personal information of more than 1 billion users.

Governments are reacting to the increased demand for data legislation as well. Regulations such as the EU’s General Data Protection Regulation (GDPR) which comes into force on 28 May 2018 guarantees the data privacy rights of any EU citizen, no matter where their data is being held or processed. It will have consequences for businesses globally, not just in the European Union.

This leaves enterprises with a tricky balancing act. As they embrace digital transformation strategies, the use and storage of data will be critical. They must use data to deliver the commercial edge they need, whilst ensuring they protect that data from increasingly sophisticated threats. All at a time when being truly digital inherently means increasing the attack surface area of an organization.

 

Enjoying choice while maintaining control

Enterprises want to be truly digital – this means being agile, secure, scalable and cost effective. On the surface, being agile and scalable would seem incompatible with being secure. Ultimately, however, all these bases need to be covered if businesses are to realize the huge benefits of digitalization. This is what Gartner terms as ‘the use of digital technologies to change a business model and provide a new revenue and value-producing opportunities’. A recent study from 451 Research[1], commissioned by Atos and VMware, which looked at the major trends and expectations of cloud adoption, found that increasing agility and delivering  scale were among the top three drivers of planned cloud projects for US and European enterprises. They are two of the driving factors influencing the decision to get the right infrastructure in place to enable digitalization.

In the past, it might be argued that it was an either/or situation – businesses that wanted to be mobile and connected were leaving themselves open to attack, that pervasive digitalization could not be married with compliance and governance – being safe ‘beat’ great user experience. It’s a perception that still holds firm –  the 451 Research study, which looked at how cloud technology is enabling digital transformation, reported that not only are 48% of European organizations (50% of those in the UK, 42 % in Germany and 49% in France) considering moving applications to private clouds for security and control reasons, but that security continues to be one of the major barriers to cloud adoption generally. It’s understandable, when one considers that, according to Gartner, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs by 2018.

Having the infrastructure to protect the 21st century’s most valuable commodity

Unfortunately, there isn’t a single silver bullet. What’s required is an infrastructure which reflects the needs of the business, covering its requirements across a number of environments. Private clouds certainly do offer secure environments, but public clouds have the edge in flexibility. It’s also important to understand how applications evolve – from test and development through to go-live ready deployments. Each iteration may work best in different environments, so being able to migrate easily is critical to get products and services to market whilst keeping compliant and maintaining security.

It might seem like a great idea in theory, but can it really happen in practice? Surely no organization can truly enjoy both the benefits of digitalization whilst remaining secure?

It does happen. The Olympics is a prime example – the Rio 2016 Olympic Games not only delivered a truly digital event, on a larger scale than London 2012 with computing power used more efficiently, but it also protected the data of thousands of athletes, media, volunteers and other individuals whilst processing accreditations and access, quickly against immovable deadlines. It also dealt with 400 security attacks a second, or 510 million IT security events across the course of the Games – double the number dealt with during London 2012.

 

Without data security, there is no business

The fact is that organizations will be judged on data protection. The introduction of the GDPR will help to increase awareness of the steps enterprises should be taking, and has far-reaching implications for any business which touches the EU, no matter where they’re based.

At the same time, however, customers are unlikely to accept a drop in user experience. Being secure is one of the core tenets of digitalization – any business wanting to reap the benefits of digital needs to incorporate it alongside agility, scalability and cost-effectives. The right, fit-for-purpose infrastructure will go a long way to enabling that balance.