Data Privacy Day: Expert’s Top Tips
The 28th January is known as Data Protection Day and Data Privacy Day in different parts of the globe, which of course makes sense as the two go hand in hand.
Data protection refers to the ongoing effort to prevent unauthorised access to data and to prevent data from being corrupted, illegitimately altered, or its integrity otherwise subverted. Achieving data privacy depends on a data protection effort, which itself depends on those who legitimately collect, access and process data to recognise and adhere to data privacy principles.
Three experts join Technology magazine to discuss the topic of data privacy in their respective realms.
Internet of Things (IoT) and 5G threats
According to Mike Wood, CMO at Versa Networks, data privacy is a principle that data should be protected from unauthorised access in order to maintain confidentiality and prevent malicious or unapproved use.
Wood explains that due to the explosive shift to the work-from-anywhere approach over the past couple of years, organisations’ people, technology, and data are spread across unlimited locations around the world: “Coupled with that is the ever-increasing demand to be connected to everything and everyone all the time which has resulted in a push for emerging technologies such as 5G and IoT,” said Wood.
Whilst convenience, connectivity and flexibility are key to the current working environment, so too should be the security of our devices and the privacy of our data, insists Wood.
“Despite the rapid adoption of 5G, IoT and other new technologies, their popularity far outweighs their security. In the short time that 5G has been globally deployed, it has become a natural component of IoT devices and is also in the perfect position to help transform business networking and the interconnection of infrastructure environments, be those on-premises, hybrid-cloud, or multi-cloud,” he added.
Wood suggests that as a market, these technologies have not undergone enough research for experts to be confident in its security: “Zero-day attacks are a huge threat to IoT and 5G applications. What’s more, 5G is not a private network, so when IoT devices are connected to it, the attack surface expands, and they and the data they store become vulnerable,” he said.
With a work-from-anywhere model, Wood says employees can easily access their Voice over IP (VoIP), Unified Communications, collaboration, and video applications from any location and any device, but this has to be done securely, he believes: “Businesses should be looking to invest beyond traditional technologies such as VPNs to protect their data against users who can be connecting from anywhere, on any network, and any device – they need to implement a holistic approach to getting visibility and control over all identities, threats, and endpoints” said Wood.
Data immutability, data forensics and issues around hardware and software
Peter Donnelly, Director of Products, ATTO Technology, believes that data immutability can play a pivotal role in bolstering an organisation’s security posture by helping to ensure business-critical data remains safe in the event of an attack.
“Immutability means data is stored in such a way that it cannot be altered or deleted. Data is then referenced when needed and processing occurs as if the data were an object where changes are stored separately from the referenced data,” said Donnelly.
Donnelly suggests that digital forensics will grow in importance as a tool in data protection and privacy, for law enforcement as well as corporate security. Digital forensic investigations are a highly specialised undertaking that, if executed successfully, provides insight as to how data was accessed, altered, deleted or otherwise corrupted during an attack.
“The outcome of a digital forensics investigation can then be used to strengthen organisational data protection and privacy strategy and policy. Among the first steps in digital forensics is to lock down suspect data to preserve its state which can only be accomplished via specialised hardware and software”.
Finally, Donnelly adds that organisations should pay close attention to the role that hardware and software tools play in their ability to protect data and privacy: “The right solutions can elevate protection efforts with features like end-to-end encryption, data immutability, built-in forensics tools and even air-gap data protection like tape archives provide,” he said.
Biometrics: from novelty to necessity
Alexey Khitrov, CEO at ID R&D, suggests that one of the best ways to ensure data privacy is to remove the weak links like passwords, PINs, and security questions, which can easily be shared, borrowed, or stolen. Khitrov suggests that the future of data privacy needs a new approach, and that lies with biometric data: “Biometrics is simplified security that uses something you are - not something you have or know. Modern biometrics is protected against hacking through sophisticated anti-spoofing capabilities,” he said.
As biometric templates are mathematical representations of a person’s unique characteristics and cannot be used outside of the authentication products, Khitrov explains that if this can’t be used by others, it’s of no value to criminals.
“You can’t borrow a face or a voice, or convincingly replicate it to pretend to be someone else. Biometric liveness detection means a mask or image won’t cut it; AI technology can determine a spoof with lightning speed. Above all, biometrics are secure and frictionless for the genuine customer. Real customers can’t lose or forget their biometric data, so the process of authentication for them is easier than ever. The tech is out there – it’s up to organisations to seize it, realise the benefits, and enhance data privacy protection on a whole other level,” says Khitrov.