Nowadays a big part of our life is connected. Thanks to our phones, connected objects, and web applications, our life simpler. Consequently, we are producing a huge among of data. Not to mention that it includes data related to our privacy. Indeed, simply by using an application, our smartphone collects data and to store them in online servers. Those data include for instance:
- Your address, email, username, date of birth
- Your current position
- Where you click on the screen
- The time spent on a page
- Your preference, your mood
Consequently, those data are precious information which can significantly extend business possibilities.
The New Oil
Organizations continually store data in their servers. Progressively, it represents millions of records which reveal the users’ thought and behavior. We often called those data the new Oil (read more on The Economist). Furthermore, with the power of current hardware and software, it is relatively simple to explore those data. Effectively with a couple of accessible technologies and algorithms, it is possible to deep dive in customers’ habits. Those algorithms may be complex and require experienced data scientists for their development. Nevertheless, specialized developers already have developed and publish plenty of those algorithms, ready to browse our data.
Actually, this data-driven economy enables the C2B (customer to business) market for organizations who embrace this model. If well understood, it becomes easy for organizations to cut down many costs related to marketing, research, and development. Indeed, they can easily explore data, figure out what people want in a field and how they want it.
Individuals produce a tremendous amount of feedback daily, and it is a direct way to improve products or services. It’s a valuable stream of information for companies who can use those feedback and figured out what can be improved. Additionally, it’s a win-win situation. Consumers are happy to enjoy a better quality of service and companies can continuously improve their services. Of course, it’s acceptable as long as we warn customers and he explicitly authorizes the company to browse its privacy. Often, people accept that fact if their private data improve the service or the product.
According to the breach level index, more than 13 billion data records have been lost or stolen since 2013. Fortunately, some of them were encrypted and therefore unusable. But it represents 4% of 13 billion. Also, more than 6 billion accounts have been made freely available online by hackers (by the way, I suggest you to check if your email is not part of this on https://haveibeenpwned.com).
The reality is that it is very complicated for any organizations to guarantee security and privacy on your data. Mainly, because of immense business pressure to deliver results, bigger and faster. Unfortunately, this cocktail pushes the security of your data at the lowest level of importance for most of the organizations. They often don’t allocate the required budget or are not willing to spend the required amount of time. Furthermore, securing IT is a recurring expense which the financial departments often targets to reduce. Hence, most of our data remain under managed, lost or stolen.
The Human Factor
Besides, when we speak about security, it is a permanent task which requires continuous attention. It can’t be an exception. Indeed, at the moment you add an exception, you open a breach. It’s like having a fortress with strong walls and let a ladder outside ready to use. Mostly to save time, or energy, we tend to make shortcut or exception. For instance, we use the same passwords, we write them on paper, we open the easiest ways for friendly colleagues, we prefer to postpone a critical security patch for the next week, etc. All those factors expose our privacy through breaches. Hence malicious people may discover and exploit them.
Secured By Design
A concept is growing as a guarantee of privacy protection. Indeed, the GDRP rules (The European Union law on data protection) states that companies must ensure data protection by design and by default. Therefore, the code must guarantee the data protection from its definition. Besides the security must be activated by default. In other words, data protection doesn’t rely on human configuration. Instead, the software itself does the job by default. Ideally, there is no option for the human to disable it.
In brief, This coming digital age is good for businesses and people. It improves our world, the way we communicate and we live. Then, data is becoming a critical source of revenue. Thus, most businesses cannot survive without it, and robust data management can lead to significant business successes. Therefore, the challenge for companies is to manage a more massive amount of data without any single trade-off on security. As a solution, security by-design is a great way to support organizations in their approach to protect our privacy.