2015 ushered in the start of a data economy. As organizations amass more detailed consumer profiles they have begun realizing that data could equal or surpass the value of the products and services they sell, especially in the Internet of Things era with its constant and very personal streams of data. Data breaches such as the Office of Personal Management and toymaker, VTech are indicative of increasing hactivist interest in more personal data and also of the growing value of that data.
At the same time the concept of cloud is changing. In our hyper connected era traditional backend clouds where the bulk of data processing takes place have been superseded by waves of cloud migration that are closer to where the data transaction is occurring. This allows for real-time data exchanges. Additionally, the lines between SaaS, PaaS and IaaS are becoming blurred with hybrid models such as SaaS built upon PaaS. With the confluence of a data economy, blurring of cloud models, and far more egregious data breaches I have outlined principles that Information Security Practitioners may want to consider as we move into 2016.
1. Bake standard data security profiles into a cloud brokerage platform that can be applied on as needed consumption basis. This will more easily allow IT and InfoSec to keep pace with new instantiations by the business across the cloud-extended data center.
2. Place increasing importance on federated identity schemes with individuals having Multiple Devices across different cloud services.
3. Build a data brokerage to help calculate the value of data. It’s the most effective way for business users to learn the value of the data they create, collect or handle.
By Evelyn de Souza