By: Ivan Pittaluga, CTO, Arcserve
1: The attack surface will continue to expand as ways of working evolve.
Your attack surface includes all the possible ways an attacker can get into your company’s devices and networks and lock up or exfiltrate your data. So, it’s essential to keep your attack surface to a minimum. The problem is that your attack surface is continually growing as more people work remotely on multiple devices and create more entry points for cybercriminals to carry out cyberattacks. Worse still, the attack surface is constantly changing. It isn’t a single surface but many disparate fragments. Furthermore, control of endpoints is becoming increasingly complex as employees leave organisations and retrieval of equipment becomes harder.
The bottom line is that breaches will inevitably happen. And in the coming year, companies will have to do a better job of recognising breaches so they can extricate themselves as quickly as possible. Security and recovery strategies must be more thorough and practiced. As the attack surface expands, those strategies must cover not only your on-premises data but data in the cloud, at the edge, and everywhere in between.
2: Data sovereignty will create even greater complexity for data management.
As companies have grown globally and become more interconnected, the rules around data privacy have become far more complicated. For example, a company based in Germany may use a U.S.-based company like Amazon or Google to store and send data. The question is, where does that German company’s data legally reside, and by what rules is it governed? The answers to these questions are complex and unclear. Experts in IT, legal, and HR around the world are passionately debating how to interpret the constantly evolving reality of data processing. That’s why 86% of IT decision-makers say their organisations have been impacted by changing compliance requirements for data privacy, according to a global survey conducted by Dimensional Research.
Companies no longer have a single data lake at their corporate headquarters that IT can focus on protecting. These days, much of their data resides in the cloud, which means they have a globally distributed data infrastructure. They must keep track of sovereignty issues in different jurisdictions, and to do this, they will need help. Cloud providers will have to work more closely with their customers to manage sovereignty and compliance with varying rules.
In the year ahead, the onus will be on both businesses and public cloud providers to address compliance and data sovereignty issues by better understanding what is in the petabytes of data they’re storing and the regulations around every element of that data. Businesses can no longer be satisfied by simply backing up data. They will have to get smart about their data content and put policies in place around that content.
3: Global supply-chain issues will continue to be a data-protection issue.
Supply-chain issues are creating significant disruption to the global economy, with everything from cars and refrigerators to semiconductors and toys in short supply. And those issues look likely to continue well into 2022. In fact, in a new survey of CFOs compiled by Duke University’s Fuqua School of Business and the Federal Reserve Banks of Richmond and Atlanta, a majority of the CFOs expect the issues will not be fixed until the second half of 2022 or later.
Logistics issues and digital risks such as cyberattacks will cause further disruptions to the global supply chain in the coming year. In 2021, the Colonial Pipeline ransomware attack took down the largest fuel pipeline in the U.S. and temporarily caused fuel shortages up and down the East Coast. The supply chain will remain a top priority for organisations in 2022. That means they will need to be actively armed with data protection solutions to restore the supply chain to a working state and meet the demands of their customers. Specifically, organisations will need to ensure that cyberattacks do not further compromise their supply chains and that data remains available 24/7 and can be instantly recovered.
4: The Data Protection Officer will grow in strategic importance.
The Data Protection Officer (DPO) is an enterprise security leadership role that, under certain conditions, is required by the General Data Protection Regulation (GDPR). In fact, according to the latest GDPR stats, the demand for Data Protection Officers has risen by over 700% over the last five years. Data Protection Officers are responsible for having expert knowledge of data protection laws and practices while overseeing their company’s data protection strategy and ensuring compliance with GDPR requirements.
The role of the DPO is poised to grow in strategic importance in the coming year, particularly as the responsibilities of DPOs extend beyond traditional IT to encompass a holistic view of data privacy, security, and education. The DPO can even open new opportunities across the organisation. For example, in a world of remote work, the DPO will be a strategic enabler for business, especially as it becomes clear that the virtual workforce is here to stay.
The challenge of data protection is sure to become even more daunting in 2022 and beyond. As companies store more data across on-premises, cloud, hybrid, and third-party systems—and as data regulations grow and multiply—companies must stay on top of the ever-evolving data landscape or risk sinking altogether.
About the author:
Ivan is an award-winning technology executive with more than 25 years in software engineering. He has built and led multi-national teams and delivered market-first technology in areas including Big Data and the Cloud. As Arcserve’s CTO, Ivan sets the strategic direction and development relative to the portfolio of backup, disaster recovery, continuous availability, migration, and archiving solutions. Prior to joining Arcserve, Ivan guided software engineering and product development for Veritas Technologies NetBackup. He also led continuous product improvements at Quantum where he facilitated the release of its first Appliance and Object Store product, paving the entry into Cloud markets. Ivan previously held senior engineering positions at Symantec, Commvault, Legato Systems (Dell EMC), and Mastercard. Ivan earned his Bachelor of Science in Computer Science from Colorado State University.