Much has been made lately about data privacy. Terms like PRISM, Tempora, Xkeyscore have all found their way into our lexicon and the global consciousness. Lavabit and Groklaw have closed their doors in protest. Governments are being rocked by data surveillance exposure.
Individuals across the globe struggle with a lost sense of privacy—or, conversely, applaud governments for keeping them safe. It’s a complex issue with shifting battlegrounds, allegiances and outcomes.
None of this is really new of course, there are just better, more effective tools to monitor people's online activities—not just for governments, but for black-hat hackers as well. Pandora’s box is open.
Stormy Clouds On The Horizon
Others can debate the risks, rewards and role of these revelations. As a businessman who has spent my life in the open (open source and open standards to be more precise), I’d like to discuss the risks and obligations of corporations in this Brave New World of BYOD, the cloud, big data, the Patriot Act and cybercrime/cyber espionage.
It was only a few short years ago that the press and analyst community were touting the potential of the cloud. Around the same time, executives had just begun tossing out their corporate Blackberries and buying their own iPhones, then iPads—bringing their own devices behind the corporate firewall and demanding access and support.
More recently came amazing analytical tools made possible by the huge strides in what we call “big data.” Google, Facebook and—we now know—governments, are all taking advantage of this meta data to better understand trends and individual activities.
And at ever-increasing rates, companies and their employees are turning to BYOD and the cloud to have cheaper and more unfettered access to critical company data. Unfortunately this data, which is critical to employees to do their job, is also critical to the companies themselves. But it's also a gold mine for competitors and potentially even fodder for nosey governments. Build into the mix fiduciary and regulatory responsibilities, and we have a real mess—a time bomb just waiting to explode.
Gartner has called it a “hair on fire” problem for businesses and the Information Technology and Innovation Foundation predicts that recent revelations could cost U.S. cloud companies up to $35 billion.
What Businesses Can Do
Businesses need to face the problem of their data exposure head on. They can start by auditing the use of services like DropBox, Google Drive, Box or Accelion: vendors that force your data off site, either to store it or to “cloud enable” it. Even if data is stored on premises, if it has to travel to off-site servers, which should raise red flags. Once the audit is complete, decide if your company can risk the exposure of that data.
An organization has three choices:
- Keep all your systems and data private under your own control
- Build trust (relationships, legal, general) into an organization to host your systems and data
- Build a hybrid strategy depending on the level of importance of systems and data or other decision criteria
However, any solution a business wants to implement should fulfill the following criteria:
- Allows you or your employees (and customers and partners) to access data and files when they want and where they want
- Gives you full control and auditability
- Securely allows the exchange of data across people and other organizations
- Allows you or any third-party or interested person to control that there are no built-in backdoors (open source is a great way to accomplish this)
A good start is to just take a closer look at your data—where’s it going? Why? Who really controls it?
Realizing you have a problem is the first step to taking back control.