2018 has been a significant year for AI/Machine Learning, and we can clearly see a race for AI dominance in the global market.
This race for AI superiority is creating a gold rush to collect data at a scale we have never seen before, and it is going to accelerate even more with the proliferation of IoT devices. The complete digitization of our whole world is really happening.
It is estimated that by 2023 humanity will spend $2.7 trillion annually tracking every detail of its existence.
This trend will create a massive challenge for managing data ownership, privacy and security.
In 1998 L0pht, the notorious hacker group, testified in front of the Senate and warned us all that the future held an array of challenges around cybersecurity. They foresaw what the darker side of network connectivity would give us. In May of this year they returned with a brighter view of the world, as core industry stakeholders Apple, Google and Microsoft have made significant improvements. But for the rest of the industry their warnings continued. “It’s extremely difficult for the consumer—and the consumer could be you, or it could be an entire corporation or government—to actually differentiate products and solutions with good security hygiene from those lacking it,” Zatko said.
Executives around the world acknowledge that they expect to see a threefold increase in the number of attacks over the next several years. The culprit will most likely be third-party vendors within their supply chain. The US Director of National Intelligence has put out a report showing that every vendor the US Government works with could be a potential vulnerability. As such, any vendor that works with the US government or its vendors should be held to a higher standard for security and compliance. In February of this year the U.S. Department of Defense highlighted cyber as the number one threat to national security.
As a result, customers and governments are going to demand stricter governance and compliance.
For companies that do not take the requirements of security and privacy in software development seriously, government regulation can and will force them to consider carefully how they build their software and what data they store. Europe has already passed GDPR, a set of rules that requires companies to think carefully about how they collect and manage consumer data. It also comes with audit requirements, and the penalties are heavy when a company is found out of compliance. Facebook and Google have already been hit with 8.8 billion dollars in fines. In June of this year, California passed strict data privacy protection. Cities are also passing local legislation around data privacy. San Francisco has one data privacy initiative on the ballot that bars companies from working with the city unless they hit certain criteria on how they manage their customers’ data.
Enterprises will soon be pushing data compliance and security requirements onto all of their third-party vendors. Those vendors have become the weakest link in securing their organization.
Current business software standards fall well short of providing any meaningful data protection. A key example of this lack of software maturity is the Equifax breach, which would have been completely preventable if more rigorous software standards had been followed. Though Equifax has since leveled up, it took an act of US Congress to really make a change there. Existing software that fails to protect the data will have to be rewritten. Apple, Microsoft, Google and Netflix understand this and have taken steps to improve their software development standards, but the number of companies building software without baking in security and compliance still far exceeds the number that do.
The new battleground for cybersecurity needs to be Software and the Data.
Developing software that protects the data properly using current tools will result in significant increases in development and audit cost. As a result, a category of products that help companies ensure that they are building software that protects the data will have to emerge. This is what we are focusing on at New Context, and we are delivering Secure Compliant Data Platforms to our customers in highly regulated industries. We apply the principles of Lean Security and offer tools like LS/IQ to support our approach.
Contact us to learn more and engage with a leading team of security-aware developers and security researchers.