The growth of data’s influence on our personal and business lives over the past few years has been faster than anyone could imagine. The pace of change is set to continue – according to DataAge 2025, a report by IDC and Seagate, by 2025 the global datasphere could be as large as 163 zettabytes and 90% of that data could require some level of security, but less than half may be secured. Driven by high-profile data breaches and cyber-criminal activity, businesses in fields as diverse as finance, transportation, healthcare and retail are recognizing the urgent need for investment in data security practices.
Unsurprisingly, the security industry is well aware of this increased appetite for data security products. The market is now flooded with new products and solutions that claim to address the concerns of businesses and meet new government regulations, such as the European Union’s General Data Protection Regulation (GDPR). A recent report from MarketsandMarkets estimates that the global cybersecurity industry could reach $231bn by 2022.
While increased spend can be a good thing for data security, there’s a danger that in the rush to be first to market with new products and services, security providers are failing to see the bigger picture. Security is a circle, not a line: every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is a renewed focus on areas of hardware and software protection that have previously not been front of mind or received large amounts of investment from businesses, with security at the drive level being a prime example.
A problem of silos
As with so many issues in IT, the problem starts with silos. Data today moves frequently, and that increases security risks. At the moment, everyone involved in the handling and processing of data, from network providers and cloud software firms to hardware manufacturers, have their own techniques for securing their small part of the data value chain and rarely think beyond that.
This becomes a real problem when the global data environment becomes more complicated. We’re seeing the rise of IoT, embedded systems, machine learning, and real-time data analysis – all of which can be used in complex systems such as autonomous vehicles and drones. The more steps in a data transfer, the more opportunities there are for malicious players to infiltrate the system.
In order to provide their customers with the most secure environments possible, security vendors will need to stay ahead of the way businesses are implementing their technologies, what other products are used in the same stack, and how these different products can work together to create a circle of protection for customer data.
Security at the drive level
In a world where data owners are under constant threat of attack from the next WannaCry, it’s important to make sure every link in the security circle chain is in place, and that all aspects of hardware and software that handle sensitive data have adequate security features. A recent Thales Data Threat report found that data-at-rest security tools are consistently rated as the best way to protect data once attackers are inside the walls. Data-at-rest encryption functions as a last line of defence: if a malicious actor manages to breach outer layers of security using hacked or fraudulent credentials, hardware-level encryption can protect the organization from data theft.
However, despite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it receives. The same Thales Data Threat report found that data-at-rest security received some of the lowest levels of spending increases in 2016 (44 per cent), versus a 62 per cent increase for network and a 56 per cent increase for endpoint security.
Completing the circle
According to Accenture’s Cost of Cybercrime study, the number of data breaches increased 27.4 per cent year-on-year in 2017. Defending against these kinds of attacks is only becoming more challenging.
Take the huge number of businesses that use cloud-hosted services, for example. As more and more data is stored in the cloud, businesses need to prepare for major security breaches when cloud technology fails. And there are many examples of it doing just that. Likewise, the rapid development of blockchain technology and more advanced malware attacks such as WannaCry both present far more serious and advanced threats than businesses are accustomed to dealing with.
There is no singular answer to these different threats – and that’s really the most important point. Security in this new era requires multiple complex defence systems to be operating harmoniously with each other. These systems – including encryption at the drive level – need to be in communication with each other and form a circle of security around sensitive data. Industry players in the security space must collaborate as well as compete if they are to serve their customers effectively.
By: B.S. Teh, Senior VP - Global Sales and Sales Operations, Seagate...