It is more important than ever to protect business data from damage, destruction, or attack in today’s hyperconnected digital economy. Indeed, it is not an exaggeration to say the viability of every business now depends on constant access to its critical systems and data.
Of course, managing and protecting your business data is no easy task. You must constantly monitor the changing data landscape and be alert to new tools and challenges. You must be aware of ever-evolving privacy regulations and security threats, which may appear from anywhere around the globe.
What changes does 2022 hold? Here are four emerging trends that will shape the way companies approach data protection and management in the year ahead.
1 — The attack surface will continue to expand as ways of working evolve.
Your attack surface includes all the possible ways an attacker can get into your company’s devices and networks and lock up or exfiltrate your data. So, it’s essential to keep your attack surface to a minimum. The problem is that your attack surface is continually growing as more people work remotely on multiple devices and create more entry points for cybercriminals to carry out cyberattacks. Worse still, the attack surface is constantly changing. It isn’t a single surface but many disparate fragments. Furthermore, control of endpoints is becoming increasingly complex as employees leave organizations and retrieval of equipment becomes harder.
The bottom line is that breaches will inevitably happen. And in the coming year, companies will have to do a better job of recognizing breaches so they can extricate themselves as quickly as possible. Security and recovery strategies must be more thorough. As the attack surface expands, those strategies must cover not only your on-premises data but data in the cloud, at the edge, and everywhere in between.
2 — Data sovereignty will create even greater complexity for data management.
As companies have grown and become more globally interconnected, the rules around data privacy have become far more complicated. For example, a company based in Germany may use a U.S.-based company like Amazon or Google to store and send data. The question is, where does that German company’s data legally reside, and by what rules is it governed? The answers to these questions are complex and unclear. Global experts of IT, legal, and HR are discussing passionately how to interpret our constantly evolving reality of data processing. That’s why 86% of IT decision-makers say their organizations have been impacted by changing compliance requirements for data privacy, according to a global survey conducted by Dimensional Research.
Companies no longer have a single data lake at their corporate headquarters that IT can focus on protecting. These days, much of their data resides in the cloud, which means they have a globally distributed data infrastructure. They must keep track of sovereignty issues in different jurisdictions, and to do this, they will need help. Cloud providers will have to work more closely with their customers to manage sovereignty and compliance with varying rules.
In the year ahead, the onus will be on both businesses and public cloud providers to improve compliance and data sovereignty issues by better understanding what is in the petabytes of data they’re storing and the regulations around every element of that data. Businesses can no longer be satisfied by simply backing up data. They will have to get smart about their data content and put policies in place around that content.
3 —Global supply chain issues will become a data protection issue.
Supply chain issues are creating significant disruption to the global economy, with everything from cars and refrigerators to semiconductors and toys in short supply. And those issues look likely to continue well into 2022. In fact, in a new survey of CFOs compiled by Duke University’s Fuqua School of Business and the Federal Reserve Banks of Richmond and Atlanta, a majority of the CFOs expect the issues will not be fixed until the second half of 2022 or later.
Logistics issues and digital risks, such as cyberattacks, will cause further disruptions to the global supply chain in the coming year. In 2021, the Colonial Pipeline ransomware attack took down the largest fuel pipeline in the U.S. and temporarily caused fuel shortages up and down the East Coast. The company paid the hackers nearly $5 million in ransom just a day after discovering malware on its systems. The supply chain will remain a top priority for organizations in 2022. That means they will need to be actively armed with data protection solutions to keep the supply chain working and meet the demands of their customers. Specifically, organizations will need to ensure that cyberattacks do not further compromise their supply chains and that data remains available 24/7 and can be instantly recovered.
4 — The data protection officer (DPO) will grow in strategic importance.
The DPO is an enterprise security leadership role that, under certain conditions, is required by the General Data Protection Regulation (GDPR). In fact, according to the latest GDPR stats, the demand for DPOs has risen by over 700% over the last five years. DPOs are responsible for having expert knowledge of data protection laws and practices while overseeing their data protection strategies for their companies and ensuring compliance with GDPR requirements.
The role of the DPO is poised to grow in strategic importance in the coming year, particularly as the responsibilities of DPOs extend beyond traditional IT to encompass a holistic view of data privacy, security, and education. The DPO can even open new opportunities across the organization. For example, in a world of remote work, the DPO will be a strategic enabler for business, especially as it becomes clear that the virtual workforce is here to stay.
The challenge of data protection is sure to become even more daunting in 2022 and beyond. As companies store more data across on-premises, cloud, hybrid, and third-party systems — and as data regulations grow and multiply — companies must stay on top of the ever-evolving data landscape or risk sinking altogether.