Chris Evans, Foreshore examines recent trends in technology and provides a forecast of some of the future implications these trends may have regarding information security that businesses may face.
The BVI – VISTA Trusts in Prac…
My previous articles on the challenges facing privacy looked at the general risks on information security from the effects of technical innovation (in particular as it related to customer confidential information) and the implications to business of the loss of this type of data.
Whole new territories are opening up as a result of technical innovation and allowing businesses and government (whose aims are not always aligned) to operate in legally grey or undefined areas. I looked at how businesses are incorporating information services into the day-to-day business activities through the adoption of cloud computing services. One of the significant benefits of this process is that it enables them to very rapidly respond to changing market conditions. The counter argument of course is that business will also be exposed to risk at a faster rate as well.
In this final summary of the series I consider the factors that have a bearing on the loss of privacy and the erosion of information security generally. As previously discussed the most significant of these are as a result of the disruptive effect of technical innovation and so I shall be examining the trends in technology and will attempt to forecast some of the future implications for business.
New tools means new tactics - the balance of power has shifted from those who wish to keep data confidential to those who wish to see it, steal it and/exploit it. New powers made available from technical innovation will encourage new justifications by governments for being able to access your data.
Technology innovation will continue to happen but at an accelerating pace.
More data will be stored and more will be lost - The scandals of sensitive data entering the public domain will continue as it becomes cheaper to store everything than to try to classify what information needs to be kept and what can safely be discarded. "You don't know the value of a piece of information until you need it" neatly summarises the argument for wholesale storage of everything.
Data that leaks out, is disclosed or is stolen will be re-used, intentionally by those who have a use for it and unintentionally by those whose systems are insufficiently secure to keep it private.
Data accumulation will be recognised as a significant threat; small pieces of personal information that are divulged and assumed to be low risk remain like jigsaw pieces for others on which to build assumptions. Identity theft is usually achieved in this fashion. In time the accumulation process could become a reputation time bomb.
Data in transit will become as vulnerable in the near future as data stored is today.
Legislation and regulation will continue to struggle to keep up with developments in technology as people and businesses are able to do things that could have never been envisaged when the regulations were drawn up.
Extra legislative powers designed to protect national strategic interests will expose business to new and unexpected risks.
US-EU Safe Harbor provisions will be insufficient safeguards for EU firms that wish to host confidential data with European companies that have US parent companies. The US and Europe are ideologically at odds over the management of customer information. Collected data is a corporate asset to be exploited by the US company owning it. EU data protection legislation severely limits re-use and adds a major compliance obligation on an EU company.
Jurisdiction will extend beyond national boundaries. Countries will seek to extend their jurisdictions in the same way that the United States regards any activity that has an impact on its economy as potentially within its jurisdiction.
Technology innovation has destroyed the innate privacy of confidential information; the preservation of privacy now has to be by design.
Firms that demonstrate to clients, staff and other stakeholders that confidentiality is a key objective and support that by proper risk analysis and a working information security policy will be able to meet the challenges ahead. Those that don't may be in for a rough time.
About the Author
Chris Evans Chris Evans is the CEO of Foreshore, a Channel Islands based Internet services company that provides secure hosting, email and data storage solutions to financial services companies worldwide.