*By Daniela Costa
The global spread of the pandemic from the end of 2019 made the scenario forecasting exercises gain even greater importance, not least because of the difficulty in projecting the future safely amidst so many uncertainties. We learned from the unpredictability of COVID and now that, although slowly and unevenly, the vaccination process advances, it is already possible to detect some trends that should mark the IT sector over the next year.
More than ever, it's vital to protect business data from damage, destruction or attack in today's hyperconnected digital economy. It is no exaggeration to say that the viability of every business now depends on constant access to its critical systems and data. It would be a memorable start to the year if we could say that managing and protecting a company's data has never been easier. Unfortunately, the reality, marked by a sharp upward trend in both the number of criminal attacks and the sophistication of cybercrime, is quite different.
It is necessary to constantly monitor the changing data landscape and be aware of new tools capable of successfully facing new challenges. Privacy regulations are constantly evolving and security threats can originate from anywhere in the world. Against this uncertain backdrop, it is possible to identify at least four emerging trends that will shape the way companies will approach data protection and management in the coming year.
Global supply chain issues will become a data protection issue
Supply chain disruptions are causing a significant disruption to the global economy, affecting everything from cars and refrigerators to semiconductors and toys. This picture is expected to continue into 2022. In a new survey of CFOs compiled by Duke University's Fuqua School of Business and the Federal Reserve Banks of Richmond and Atlanta, most CFOs expect these issues to not be fixed by the second half of 2022 , possibly even entering 2023. Logistical issues and digital risks such as cyber attacks will cause further disruptions to the global supply chain in the coming year. The supply chain will continue to be a priority for organizations in 2022. This means they will need to be actively armed with data protection solutions to keep the supply chain running and meet the demands of their customers. Specifically, organizations will need to ensure that cyber attacks do not further compromise their supply chains and that data is available 24/7 and recoverable instantly.
Data sovereignty will create even greater management challenges
As companies have grown globally and become more interconnected, the rules around data privacy have become much more complicated. An organization based in Germany can use a US company like Amazon or Google to store and send data. The question is: where does this German company's data reside legally and by what rules is it governed? Answers to these questions are complex and far from clear. Global IT, legal and HR experts are intensively discussing how to interpret this ever-evolving reality.
Companies no longer have a single core of data at their corporate headquarters that IT can focus on protecting. These days, much of their data resides in the cloud, which means they have a globally distributed data infrastructure. They must follow up on sovereignty issues in different jurisdictions, and for that they will need help. Cloud providers will have to work more closely with their customers to manage sovereignty and rule enforcement. By 2022, the onus of improving compliance and data sovereignty issues will fall on both enterprises and public cloud providers. Companies cannot limit themselves to just backing up data. They will have to be mindful of the content of this data and create policies around that content.
Role of DPO will grow in strategic importance
The Data Protection Officer (DPO) is an enterprise security leadership role that, under certain conditions, is legally required. More stringent legislation, such as the General Data Protection Law (LGPD), imposing heavy penalties in cases of compromise of sensitive information, contributed to increase the demand for these professionals. They are responsible for expert knowledge of data protection laws and practices, while also overseeing the company's information security strategy and ensuring compliance with legal requirements. As such, it is a natural trend for the DPO's role to grow in strategic importance in the coming year, particularly as its role goes beyond traditional IT to encompass a holistic view of data privacy, security and education. DPO can even open up new opportunities across the entire organization. Just as an example, in a remote working world, DPO will be a strategic enabler for the business, especially as it is clear that the virtual workforce is here to stay.
The surface vulnerable to attack will continue to expand
A company's attack-vulnerable surface includes every possible way for an attacker to enter a company's devices and networks and block or withdraw its data. Therefore, it is essential to keep the attack surface as small as possible. The problem is that this surface is continually growing as more people work remotely on multiple devices and create more entry points for cybercriminals to carry out their attacks. Worse, the attack surface is constantly changing. It's not a single surface, but many different fragments. In 2022, security and recovery strategies must be more thorough. As the attack surface expands, these strategies must cover not just data on-premises, but also in the cloud, at the edge, and everywhere in between.
The data protection challenge is sure to become even more daunting in 2022. Among the many lessons we've learned in this dismal period of nearly two years is that not taking the right steps at the right time is the ideal recipe for a tragic end result.
Daniela Costa, Vice President, Latin America, Arcserve
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies