Light Dark
April 15, 2021 By Mike Elgan 4 min read
Data Protection
Risk Management

The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house and process terabytes of the data that flows through mobile networks. Social networks house and control the data on billions of people worldwide — certainly the personal data of effectively all employees in your company.

And, that creates challenges, too. For example, cyber criminals and state-sponsored threat actors find data held in a central hub a tempting target. It’s time for a wider conversation among security specialists and industry leaders about how to better protect this data. Let’s take a look at the risks and challenges of a big data monopoly.

What’s the Problem With a Big Data Monopoly?

There are many problems with a big tech monopoly from a security perspective. The companies that hold data monopolies are ripe targets for attackers. Many holders of this big data do have thorough security, since they know they’re targets, too. It’s tempting to relax about data on these platforms.

But it’s also true that cyber criminals, state-sponsored threat actors, blackmailers and others all have a giant incentive to go after the monopolies, because that’s where the most data is.

The risk is more complex and subtle than it first appears. For example, it could come from inside the house. Over-privileged authorized users or unauthorized users (such as former employees) can put you at risk of an insider threat. The same goes for partners, suppliers and others with potential access to that data.

Big data monopolies also mean more people might have access to your systems than you know. The giant data monopolies could have over-privileged authorized users or unauthorized users of their own. Partners, suppliers and others might have access that you might not think of. In other words, insider threats in another service can put your data at risk.

Another problem is that as companies get bigger, they have less insight into all their nooks and crannies. A dangerous lack of insight into cloud data can leave them at risk for all manner of hazards, from losing out on business to data breaches and data theft. Threat actors could be hiding inside the big data monopolies already, slowly exploiting the data while avoiding detection.

What’s Next for Big Data Monopolies?

The data monopolies are going through rapid change, which is also part of the risk.

In addition to dizzying growth, as the world produces more data, governments pressure companies to change the way they do everything. They probe and scrutinize nearly all the big data monopolies for possible violations of antitrust laws. While in the U.S., anti-trust action is based on whether consumers have been harmed, in Europe the issue is more focused on using anti-trust law to create a more level playing field among competing companies.

Global and National Rules

European lawmakers have expressed concern over the exclusive market insights and other powers inherent in possessing so much of the world’s data. Proposed remedies so far have included the sharing of some percentage of that data or their insights between competing companies. It’s not at all clear how this would affect the security and privacy of the groups that own this data.

Other voices in government, both in Europe and the U.S., have expressed the desire to break up these companies into smaller companies. Some data monopoly companies gain business advantage by sharing or copying data across different business units. What happens in the event that governments call for a breakup of these business units into separate companies?

The so-called ‘splinternet,’ whereby national boundaries change the rules for how global data-hosting companies operate, also affects data monopolies. Some countries don’t allow a growing list of data types. Others require the data relating to citizens or companies in a given country must be stored only in that country.

When we consider the history of such rules, we consider a tiny number of large countries forcing them. But what happens in a future where dozens or even more than a hundred countries make such demands? For global companies, this complex scenario alone comes with its own inherent risks.

It gets worse: Once data on local citizens or businesses are stored in-country, the potential for use or abuse by local cyber criminals, domestic spies, foreign spies and others grows.

When you consider the continued rapid growth of data monopolies, the antitrust action they face, and the rise of the so-called splinternet, it’s easy to draw the conclusion that cloud data is just going to get harder to defend.

How to Address the Data Monopoly Risk

But there are ways to make things more secure. The first step in tackling the larger threat from data housed on the data monopoly platforms is analysis. What is the sensitive or business critical data? Where is it and what are the potential risks? Who has access to this data and what is redundant?

For example: knowing where sensitive business data is, while accounting for the special risks and growing complexity of data monopoly platforms, can give us direction to reexamine where and how some business data is stored and managed.

A managed cloud service can help you get started. You also need a data risk control center where you can gain insights into business risks related to data wherever it resides, including with the big data monopolies. You need to prevent your findings from this in a way that enables the C-suite to understand and take action.

This point can’t be emphasized enough. Visibility isn’t just theoretical access to what’s going on. It means access that enables human understanding and prompt action. It demands clarity, not just information. Automation and artificial intelligence can help in the project of ongoing, actionable visibility and threat intelligence.

Increased insight into risk factors from your main response platform is one key to reducing risks, including risks that come with legal compliance. Doing both at once is key to success going forward. Without proactive, systematic design, your threat management tools are likely to end up as a disconnected, uncoordinated hodgepodge of tools that will fail to provide an actionable, full picture of what’s going on. Adding threat management lets you detect and respond to threats earlier and faster.

Risk Management in the World of Big Data Monopolies

A right-tools-for-the-job mindset is also paramount. But too many threat management tools are from the previous era, rather than purpose-built for the age of hybrid cloud and cloud-native tech.

The key is not to consider and manage data housed on the data monopoly platforms in isolation, but to integrate that data in the overarching risk management strategy. Of course, we’re talking about risk management using big data best practices.

Coping with the growing risk and complexity of data calls for special attention when so much of it is handled by monopolies.

 |  |  |  | 
Mike Elgan

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature