Light Dark
April 30, 2021 By Jennifer Gregory 3 min read
Data Protection
Security Services

Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based on the many pics of my pups I share. Big data — and the big data monopolies that cause it — open up problems for users and doors for threat actors.

While it’s always bugged me and felt a bit like I was being stalked, I had only worried about the data collection in terms of privacy. I don’t like that companies know more about me than most of my friends do. But, this problem isn’t new. Yet, each day it becomes bigger. Let’s take a look at what this means for security experts and break it down into more chewable parts.

Why Big Data Monopolies Are a Problem

In 2018, Harvard Business Review explained that while tech monopolies like Facebook and Google have been targeted (and fined) by European regulators, they have escaped U.S. antitrust regulations. These data monopolies open up many intriguing and worrisome risks. For example, they can make surveillance and security difficult, hoard wealth and affect the public debate, including our perception of right and wrong.

After I was affected by several large breaches in the past, including those of Experian and Target, I recently had an even more worrisome thought. What happens if one (or more) of these data monopolies suffer data breaches? The damage caused by the amount of data compromised with a single attack would be terrible. And, the effects would likely spill over to many other industries and businesses. So what can we do to reduce the risk?

The problem is somewhat simple. Too much private data is controlled by single companies and stored in one location. But the solution is very complex. From where I sit, I see a twofold approach working best: preventing other data monopolies from emerging in the future and lowering the risk of our current data monopolies.

In truth, preventing more data monopolies from beginning or current ones from growing involves government decisions and oversight of mergers. Let’s take a look at solutions closer to home. How can security experts work with our current data giants to reduce risk as much as possible?

Is Data Portability the Answer?

Data portability is part of the solution. Increasing users’ control of their own data is a great step in the right direction. Most importantly, consumers need the ability to actually remove their information from the data monopolies’ data collections. This reduces their own personal risk of a breach. And each person who takes this step and actively manages their data reduces the collective risk and impact of a single breach.

However, consumers can only take this step if they know about the risk and know how to perform these actions. So, who is going to lead the effort to educate consumers? Data monopolies are likely only going to publicize these features as much as required by law. The task will likely then fall to the cybersecurity world to get the word out.

Interoperability Between Big Data Monopolies

Interoperability is often brought up in the conversation about data monopolies, with good reason. The Electronic Frontier Foundation proposes multipart legislation changes that require data monopolies to open up their systems to share data with competitors. While this effort is key to getting rid of data monopolies in the future and reducing current ones, in some ways it actually creates more risk.

With true interoperability, many smaller companies that may not have the same expertise as the top tech companies have access to sensitive data. Instead of a single huge breach, there could be an increase in moderate to large breaches overall. The answer lies in creating a security framework for storing and managing data for all companies. By focusing on interoperability without security, we are only solving a part of the problem.

Does Encryption in Use Help?

Yes. Encrypting data while at rest and in transit is becoming standard for more and more companies. But both of these strategies overlook something: data in use. Encryption in use means businesses can actually get insights from data while it remains encrypted, which keeps all personal user data safe.

By working with giant tech companies to encourage and possibly require this level of protection, we can reduce the likelihood of a breach, or at least reduce the impact. And, this path doesn’t interfere with using data in the right way. Instead, it protects consumers from the negative impact. In addition, making this level of encryption standard practice improves data security overall.

Big Data Monopolies Working Together

To help solve both the short- and long-term issues, IBM partnered with AWS to create a mutual compliance framework. By working together, the two companies determined security measures that both can agree on and adhere to. By focusing on how tech companies can work together, partner with consumers and work with regulators and government oversight committees, the security industry can make great strides toward reducing the weaknesses inherent in tech monopolies.

 |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature