The Arab Spring of Privacy Is Upon Us, Suni Munshani’s contribution to his Wired Innovation Insights blog on November 7, 2014 was picked up by the main Wired site. It is republished here in its entirety:
Lately it seems not even a week goes by without news of a major data breach at one of our favorite retailers, banks or web sites. It’s become so common that each incident now follows a similar script: Company announces that tens of millions of their customers may have had their personal information stolen by hackers who gained access through flaws in their IT systems. The company apologizes and offers to pay for a year of credit monitoring services for impacted customers who, in turn, have new credit or debit cards issued to replace the accounts that may have been compromised. After the news fades, the company is left to figure out how to better protect their data while consumers just shrug their shoulders, seemingly resigned to the fact that such incidents are simply part of living in a digitized and connected society.
Should we be so accepting? Or should we demand that those companies entrusted with our personal information do a much better job of protecting it? It’s one thing to have your credit card data stolen but a completely different matter when someone gains access to intimate details about your family, your retirement savings accounts, or your genetic test results. We, as individuals and as a society, need to decide whether to live with the status quo or demand a new era of data security. Is the Arab Spring of privacy upon us?
After living for generations under repressive regimes, many citizens in the Arab world began taking to the streets in 2010 to demand that government be more responsive to their needs. After decades of believing they had no power, these people decided that they should get to choose who their leaders are and how they should serve their citizens. Many regimes are able to stay in power through brute force, but several leaders are overthrown and still others institute reforms to address concerns raised by the protesters.
When it comes to data security and privacy, consumers feel powerless. They cannot force the companies they do business with to better protect their information. And the stronghold many companies have over our personal data is not unlike the control some of the Arab dictators have over their citizens’ lives.
Up until now, most data security efforts have been focused on making it harder for unauthorized users to gain access to customers’ data. Companies build stronger and stronger fortresses around their data in a constant effort to stay ahead of the increasingly effective weapons hackers use to break through. Once inside the walls, however, unauthorized users have full access to highly sensitive data and personal identifying information, often available in plain text and able to be sold to the highest bidder.
But there’s a better way to protect the data that your customers hold dear. In a zero knowledge environment, sensitive data is transformed into random numbers, letters or other characters in such a way that still allows the data to flow through required processes but is unable to be understood by anyone who doesn’t have permission to access it. In other words, even if hackers were to get around the firewalls and other defenses put in place around the data, all they would see is meaningless gobbledygook.
This level of data security is now commonplace in the payments industry. However, data security is increasingly moving beyond payments data to data privacy – protecting the ever-growing amount of information that is being generated and collected. The exponential growth of data generation and need for elastic, highly scalable infrastructure, is leading to a more central role for cloud services and Big Data platforms, such as Hadoop. These platforms are designed to analyze massive data sets for transformative insights, and are uniquely capable of consuming data very rapidly.
As much of this data is or will soon be considered sensitive according to internal or external regulations, modern businesses will increasingly require a highly transparent data security solution that can protect the data without obstructing business operations or analysis. If companies protect the data itself in a zero knowledge environment, it is free to be used by authorized users and useless to non-authorized users.
Once consumers awaken to these issues, businesses that understand and act on establishing a zero knowledge environment will be able to acquire and keep customers based on their reputation for safely protecting their customers’ data. Centralized, data-centric security will be a competitive advantage. Privacy will be another trait or brand attribute customers use to determine whether they will do business with your company. Organizations that are not at the cutting edge of their industries when it comes to data protection should be fearful about losing market share to companies who do a better job at privacy.
We could very well be witnessing the beginnings of a revolutionary wave of users demanding vendors protect the data itself instead of simply building walls around it. The revolt is coming. But instead of protests and armed conflict, customers looking to gain back control of their sensitive information will have one of the greatest weapons at their disposal: a choice with whom they do business.
The Arab Spring of privacy is upon us.
Suni Munshani is CEO of Protegrity.