Defying gravity to combat today’s data insecurity

As long as there have been networked computers, there have been hackers trying to access them. The 1983 movie WarGames, which followed a teen-aged hacker’s accidental commencement of World War III, personified the angst felt by experts and the general populace alike regarding the computing age. It turns out that their fears have been justified in the 30-plus years since, as increasingly sophisticated attacks have made the internet one of the least safe and secure places on Earth.

What is the solution to the current state of data insecurity? Before arriving at the solution, it is important to take the journey across the current data landscape to understand some of the primary forces influencing today’s data storage strategy.

Cyber security falling short

As networks grow increasingly complex, so does securing them. Gartner projected that information security spending would reach $81.6 billion in 2016, yet the data breaches keep coming. The switch from perimeter to endpoint network security has not happened quickly enough, and it alone is insufficient to meet today’s advanced threats.    

The rapidly changing internet landscape is creating problems that have never existed, requiring solutions that may not have been discovered yet. The IoT continues to pose serious challenges; the Federal Trade Commission’s recent suit against a router manufacturer speaks to the severity of the threats that can be caused by insecure internet-connected devices. Last year’s massive Mirai botnet attack, which took most of the U.S. offline for a day, is a case in point.    

Experian predicted several trends that would take centre stage in 2017 in its yearly Data Breach Industry Forecast. One of them will be international data breaches that will cause significant problems for multinational companies, particularly in light of preparation for the GDPR to take effect. The firm also predicts that healthcare organisations will be the most targeted sector this year, with sophisticated new attacks emerging. To further complicate matters, government-sponsored cyber attacks have moved from fiction to reality and are expected to escalate from espionage to proactive cyber war. 

The OPM breach was a mere foretaste of things to come as nations ramp up their activities. Experts anticipate internet-based attacks to take down critical infrastructure this year, as well. It is also likely that, at least partly due to this activity, government surveillance of data will increase.

Weighty data regulations

One of the consequences of the onslaught of malicious cyber activity is an increase in legislation, culminating in the European Union (EU) General Data Protection Regulation (GDPR). The GDPR’s official site calls it “the most important change in data privacy regulation in 20 years.” One writer likened it to the all-seeing Eye of Sauron from the Lord of the Rings trilogy.      

That may be going a bit too far, as the aim of the GDPR is admirable: to unify data security, retention and governance legislation across EU member states to protect its population’s data. The regulation covers both EU citizens and citizens of any other country residing in the EU. All companies processing the personal data of people residing in the EU, regardless of the company’s location, must comply. 

This is a fancy way of saying that the GDPR is a nightmare from a jurisdictional perspective.

This legislation, which takes effect on May 25, 2018, requires more oversight of where and how sensitive data—such as personal, banking, health and credit card information—is stored and transferred. Most organisations will need to appoint a Data Privacy Officer who reports to a regional authority, as well. EU residents have new rights, including data portability, the right to be forgotten (erasure) and the right to be notified within 72 hours of the discovery of a data breach.

To encourage compliance, the European Union has created a hefty fine system for non-compliance. Organisations can be fined up to four percent of annual global revenue or €20 million – whichever is greater. It’s important to understand that these rules apply to both controllers and processors – which means clouds will not be exempt.

As the deadline for compliance draws nigh, it would seem like a no-brainer that organisations are hard at work transforming their data classification, handling and storage methods to conform to the new ruling. But research findings from The Global Databerg Report (a survey of roughly 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the U.S. and Asia Pacific) say that 54 percent of organisations have not advanced their GDPR compliance readiness.

Organisations do take this regulation seriously, but it opens a can of worms that many are not sure how to deal with. The GDPR is requiring organisations to address some of their most difficult data challenges, including fragmentation of data and loss of visibility. Cloud-based services and BYOD have only added to the confusion and, along with the default behaviours of data hoarding and poor management, create a “databerg” (see the report above) that becomes as dangerous and expensive as the iceberg that sank the Titanic. 

The prospect of complying with the GDPR leaves organisations with just two options. The majority of affected organisations will spend the next year scrambling to erect infrastructure and processes and deploy personnel to make sure they meet the stringent requirements. The other option is to remove the relevant data altogether from the GDPR’s jurisdiction. Which means taking it offworld.

Data storage in space 

Removing data from the bonds of Earth may seem like a science fiction plot until you realise that there are already satellites ringing the planet that regularly receive and transmit information. Since this is possible, why not develop a system for secure, internet-free data storage and transmission? A space-based cloud storage network would provide government and private organisations with an independent cloud infrastructure platform, completely isolating and protecting sensitive data from the outside world.

This is not merely a theoretical proposition. New technologies have been conceived to provide this type of independent space-based network infrastructure for cloud service providers, enterprises and governments to experience secure storage and provisioning of sensitive data around the world. By placing data on satellites that are accessible from anywhere on Earth via ultra-secure dedicated terminals, many of today’s data transport challenges will be solved.

Jurisdictional challenges, such as those posed by the GDPR, are also alleviated. Space-based data storage frees organisations from the jurisdiction-based restrictions that the regulation will impose. A satellite storage solution also removes today’s most pressing security concerns, since data will never pass through the internet or along its leaky and notoriously insecure lines. In-transit espionage, theft and surveillance become impossible.

Reimagining data security

The internet is an intrinsically insecure environment for data. Cyber criminals can gain access to it in a multitude of ways, which is why defending it is almost impossible today. As data breaches continue almost unabated, government and private organisations are looking for somewhere to safely store their sensitive data. Space-based storage offers a convenient solution to the issues of both security and jurisdiction while offering unprecedented transit speed and making data inaccessible to bad actors.

Cliff Beek, president, Cloud Constellation Corporation