The data security industry has seen phenomenal growth over the past decade. However, with 2017 being another record-breaking year for security and data breaches, and ransomware attacks across the globe, it would seem the security industry is still a work in progress. The significant rise in computing capabilities, AI, and machine learning is providing new ammunition for adversaries to break into advanced systems and military installations on a global scale. Take into account quantum computing and its potential to make every existing encryption standard useless, and the scope of this madness reaches another alarming level.
Is There A Remedy?
Unfortunately, there isn’t a silver bullet to end the malaise. The cure can start only with people realising and accepting that their personal data is being generated, captured and processed on a day to day basis with or without their consent. Every time you’re at an intersection that has a CCTV, book a cab for your commute, chat on IM, share a pic on social media, or even just have the Wi-Fi activated on your phone, you’re generating and communicating data. With the internet becoming ubiquitous, there is no going back on this reality unless you choose to become a Hobbit. Let’s face it – there will never be a blanket “opt-out” button for you to stop generating data.
The real trouble is that a significant engineering rethink has not taken place in the way data is being stored, accessed and processed. Yes, we have developed advanced data structures with improved efficiency and frequently fine-tune the most common algorithms, but we still persist with age-old client server architecture. Since the early days of computing, these bulky machines have occupied over thousands of square feet at large corporations or universities with significantly less computing, memory, processing and networking capabilities even compared to a modern smartphone. We carried this approach forward into the 1990s, when the internet burst into the mainstream, and it is going strong even today.
Why Fix Something Which Is Not Broken?
Well, somewhere along the way in the past 10-15 years, a significant amount of PII (Personally Identifiable Information) started getting generated with the advent of portable devices (laptops with Wi-Fi capabilities and smartphones). These gave a whole new flavor to the traditional lifeless data stored in the servers. All of a sudden, the age of hyper personalisation has dawned upon us and a race has commenced between various tech giants to collect as much data as possible about an individual for “effective and targeted” campaigns. Every major corporation is busy building their own data repositories using ruthless and unethical ways. This siloed mentality limits innovation and acts as a hindrance to the greater good of humanity. Naturally, this highly granularised and personalised data set is also a prime target of the bad guys in the picture, leading to massive data breaches and subsequent media frenzy.
This is the premise of the big debate taking place across the globe – if it’s my data that’s being recorded, what gives you the right/authority to store it at your end? This question is a natural derivative of the traditional client server architecture of data storage discussed above. It’s definitely a tricky situation that the world has come to. In the age of instant gratification, individuals also want things to be available with a click or a swipe without having to compromise on the privacy of their data. A short summarisation of the issue would be – can we have a balance between security, data privacy and convenience?
On A Concluding Note
An effective solution would be to flip the traditional model of the client-server architecture and have the data reside with the individual. Sounds interesting, but is there a way? Enter blockchain technology, the foundation of cryptocurrencies like Bitcoins, Ethereum and the like. If you are the user, then your device (read smartphone or laptop) will store the data and make it available across a trusted network backed by blockchain. The data will never leave your device or premise, you get to monitor what data gets captured by various applications/services and you can view an audit trail of access at any point. Most importantly, you choose to grant or deny access to your data.
As a result of using blockchain technology, the traditional “god-level” data access and storage by a central entity will be disrupted without affecting any major application functionality. Yet, it will leapfrog the traditional data security paradigm and provide a new dimension to data privacy. This approach will restore data privacy to the owner who is the true custodian. The monopoly over data ownership by a few organisations will also be broken and, due to the even distribution of data, the problem of data breaches will be solved once and for all.