FutureCIO has covered data protection for some time now. In 2020, Gartner predicted that by 2023 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% in 2020.
IDC noted that the growing prevalence of cloud-based services means greater volumes of data are being collected and analysed. At the same time, as cyber threats increase in number and sophistication, consumers are more aware of and sensitive to data breaches.
While rules and regulations regarding where and how data is stored and transmitted are changing, businesses recognise that their customers cannot tolerate disruptions to the digital infrastructures that undergird their work and daily lives, noted the analyst.
In this series on Readying the enterprise's data protection strategy in 2023, we look at how data protection is evolving in Asia Pacific and around the world.
Describe the state of data protection in 2022. How has it evolved over the last 5 years?
“Data privacy and protection rules have become far more complicated as we become more interconnected globally. Much of companies’ data today resides in the cloud, which means they have a globally distributed data infrastructure.”
David Lenz
“Both businesses and public cloud providers need a firm grasp on compliance and data sovereignty issues and a better understanding of what is in the petabytes of data they’re storing and the regulations around every element of that data,” said David Lenz, vice president, Asia Pacific at Arcserve.
For his part, Dirk de Vos, APAC channels director with GitLab, voiced out that to some degree - business leaders have long known that protecting data is critical. But what’s changed over the last five years is that security is now top of mind for consumers as well, and that is putting more pressure and scrutiny on IT teams.
“You only have to follow the news to see how important data protection has now become and the penalty for not securing your customers' data. By now, not just CSOs but also every CIO should have changed the way they think about customer data - looking not just at its value to the business, but what value it might hold to hackers as well.”
Dirk de Vos
He added that the rapid digitisation brought on by Covid has also had huge ramifications for data protection practices as speed to market has become a key differentiator. GitLab’s 2022 DevSecOps Survey found that 60% of developers globally are now releasing code faster than ever before. This is why DevSecOps adoption is fast growing.
De Vos said it is imperative to secure data from the first line of code to the APIs that are connecting to third-party tools, AKA data protection across the entire software development life cycle (SDLC), or risk of brand damage and huge financial penalties.
Grant Orchard, field CTO, Asia Pacific and Japan with HashiCorp observed that over the last five years there has been a big uptick in vendor capabilities providing data protection to customers.
This, however, has not translated into the wide-scale adoption of these technologies and practices.
“As an industry, we need to do more to educate the market to drive a focus on protecting data, rather than implementing controls for the infrastructure that data resides on, or within.”
Grant Orchard
He cited the example of a continued approach to encrypting data at rest by encrypting the storage that it resides on. This is helpful for protecting against certain threats but doesn't protect from on-network attacks in the way that field-level encryption or tokenisation does.
Raghu Nandakumara, head of industry solutions at Illumio, observed globally new privacy and cybersecurity requirements. This suggests that the data protection landscape is constantly evolving. He cited the recent Privacy Legislation Amendment Bill to increase penalties for large-scale data breaches to AU$50 million as one example.
“The majority of changes we’ve seen over the past five years have been part of a concerted effort to harmonise data protection legislation across the Asia Pacific region. Most countries already have some form of data protection and privacy requirements in place, but we’re increasingly seeing these modelled around the General Data Protection Regulation – the European Union’s data protection and privacy rules.”
Raghu Nandakumara
He opined that the biggest trend observed in data protection is a shift away from consent-based models towards accountability of data processors. The aim is to ensure that data is consistently handled and protected, regardless of jurisdiction.
“We’ve also seen changes to improve consistency around breach notification and reduce the variation in requirements and reporting timeframes across countries. Ultimately, if we can make regulation more consistent across borders then it becomes easier for organisations to focus on building resilience and recovering from data breaches, rather than complying with ever-changing legislation,” he suggested.
Matthew Oostveen, VP & CTO, Asia Pacific & Japan for Pure Storage, said outside of legislation, the cybersecurity landscape is also rapidly evolving, with attacks becoming more advanced and sophisticated. Cybercriminals are finding more innovative means to steal data, and among these, ransomware has emerged as a top security concern as attacks get bigger, bolder, and more costly for organisations.
He noted that in the past, the approach to data protection was to safeguard systems if something happens. He warned that this is insufficient to explain that a reactive approach, where security is merely seen as an afterthought, fails to consider latent threats and cannot detect malicious activities until they have caused significant damage.
“In today's complex cyber threat landscape, it is critical to discover threats and vulnerabilities early on to stay one step ahead of cybercriminals and prevent attacks from occurring in the first place.”
Matthew Oostveen
“There is an urgency to modernise our approach towards data protection: proactively preventing data storage system failures before they occur through routine upgrades, better technology, and predictive analytics,” concluded Oostveen.
* Editor’s note: Click on the links below for the series
Data protection in 2023’s cloud-first world
