In a previous post, we discussed the paradox of data scarcity within the big data era and the new frontier shaped by a range of emerging technologies. Despite the vast potential for emerging technologies to significantly improve society, there are growing concerns surrounding the security and privacy of these technologies. Because of this, organizations are locking down their data in response to data protection legislation and the proliferation of attackers and their techniques.
In short, despite their vast potential, if current trends are any indication, to fully reap the benefits of emerging technologies, secure data sharing and dissemination will be essential. A brief look at how data scarcity is impacting three critical industries illustrates how the lack of secure data sharing is fostering data deserts and actually limiting innovation, security, and privacy.
These digital innovations reflect a critical juncture, wherein the full positive potential of these ground-breaking technologies often relies upon secure data sharing and collaboration. The opportunities are great, but to fully realize them a significant shift in mindset is required, including a reprioritization of security and privacy and a better comprehension of the subsequent societal implications of these emerging technologies.
There is very little discussion around the increase of data scarcity with big data environments. Certainly, it is counter-intuitive and contradicts the growing paradigm focused on a data deluge. However, anecdotes of how three critical industries are impacted by data scarcity, and as a result are addressing secure data sharing, are informative and demonstrate this growing challenge.
For instance, in cybersecurity, there is a “dearth of high-quality, vetted data that researchers can use to draw their own conclusions.” This is an enormous problem, as organizations lack situational awareness, including a complete picture of attacker behavior, and therefore are left to formulate defenses based on incomplete information. Non-profit data sharing groups like the Cyber Threat Alliance demonstrate the utility of sharing threat intelligence, but it is by far the exception and not the industry norm.
The same story emerges in healthcare, where recent research demonstrates, “the scarcity of health care data imposes a significant cost on society.” Because of the strictly regulated environment aimed at protecting patient privacy, researchers struggle to find enough data and often drop what could be ground-breaking innovations for the betterment of society. To conduct impactful research, health care researchers frequently need to combine data sets from different sources, which often are in formats intentionally burdensome for sharing to maintain compliance. Privacy wins but at the cost of societal advances. What if you could maintain privacy while sharing data securely?
The financial industry is increasingly seeking this path. With a well-established information sharing and analysis center in place, the financial industry continues to move ahead to protect the privacy and security of data, while reaping the benefits of data sharing for everything from fraud detection to threat intelligence. There is an ongoing discussion of creating a global data standard for financial data, leaning toward a risk and permission-based system with audit trails while enabling organizations to make innovations in advanced analytics and consumer services.
While these are great advances, data sharing remains a blind spot for many financial institutions. According to one survey, 40% of financial institutions have over 50 data sharing agreements in place, but lack the security safeguards proportional to the risk. With the financial industry frequently topping the list as top targets for cyber attacks, more is still needed to ensure privacy while benefiting from secure sharing.
On the verge of so many impactful technological advances, secure data sharing and privacy are essential for innovation while maintaining privacy as a fundamental right. Several ongoing debates may determine whether this is aspirational or becomes a reality.
First, privacy-engineering and security-first development must continue to elevate in importance. It will prove to be a competitive advantage as the privacy awakening continues to gain traction.
Second, ongoing debates to weaken encryption must be replaced with security-enhancing policies. From Australia to India to Brazil to the United States, the trajectory of these debates is intricately connected with privacy, innovation and national and economic security.
Finally, fear, uncertainty and doubt (FUD) have significantly stymied creative solutions to today’s data challenges. While it is necessary to remain cognizant of, and prepare for, the challenges and threats ahead, it must not come at the expense of the potential opportunities and societal benefits that may be possible in this new frontier of knowledge. Instead of the fear-mongering that has produced the data deserts, aspirational objectives that reinforce privacy while also enabling secure data sharing in order to reap the benefits of the imminent tech frontier will be game-changing. This is the future we should aspire to.
Note: Want to learn how data scarcity impacts security research? My colleague, Jack Britton, will be discussing this next month at HotSec ‘19 at the USENIX conference in Santa Clara. His talk is titled: It’s not a data deluge, it’s a data desert: Security’s data scarcity problem.