By Cliff Beek, President of Cloud Constellation Corporation
Passengers. Gravity. The Martian. These and many other films depict space as a hostile, frightening environment that threatens our safety and must be overcome. Sounds a lot like today’s hyper-connected network landscape. However, things are not always as they appear, and new technology may make space the safest place for data – ever.
To get a fuller picture of how this might be possible and why it may be necessary, we need to look at the current state of data to understand some of the primary forces undermining its safe storage and transport.
Data Security is Disappearing
In a global forecast analysis, Gartner predicted that the overall information security market would grow at a compound annual growth rate of 8.1 percent through 2020.
Yet, despite the increases in spending, the data breaches keep coming. The switch from perimeter to endpoint network security has not happened quickly enough, and it alone is insufficient to meet today’s advanced threats.
As we try to adjust to the new normal of billions of interconnected devices, the IoT continues to pose serious challenges. The Federal Trade Commission’s recent suit against a router manufacturer speaks to the severity of the threats that can be caused by insecure internet-connected devices. Last year’s massive Mirai botnet attack, which took most of the U.S. offline for a day, is a case in point.
As if these attacks weren’t disruptive enough, well-funded and determined hackers continue to find new ways to infiltrate the network. In its yearly Data Breach Industry Forecast, Experian predicted several trends that would take center stage in 2017. One of them will be international data breaches that will cause significant problems for multinational companies, particularly in light of preparation for the European Union (EU) General Data Protection Regulation (GDPR) to take effect (see below). The firm also predicts that healthcare organizations will be the most targeted sector this year, with sophisticated new attacks emerging.
A particularly worrisome trend is that of government-sponsored cyberattacks, which Experian predicts will escalate from espionage to proactive cyberwar. The Office of Personnel Management breach was a mere foretaste of things to come as nations ramp up their activities. Experts anticipate internet-based attacks to take down critical infrastructure this year, as well. It is also likely that, at least partly due to this activity, that government surveillance of data will increase.
The Necessary Hassle of Data Regulations
As more and more personal and organizational data falls under threat, increasing security measures and legislation has been put in place. These efforts have culminated in the GDPR, perhaps the apex of all data laws. The GDPR’s official site calls it “the most important change in data privacy regulation in 20 years.” One journalist likened it to the all-seeing Eye of Sauron from the Lord of the Rings trilogy.
The regulation covers both EU citizens and citizens of any other country residing in the EU. The goal of the GDPR is admirable: to unify data security, retention and governance legislation across EU member states to protect its population’s data. All companies processing the personal data of people residing in the EU, regardless of the company’s location, must comply. In other words, it’s a jurisdictional nightmare.
This legislation, which takes effect on May 2018, requires greater oversight of where and how sensitive data—such as personal, banking, health and credit card information—is stored and transferred. Most organizations will need to appoint a data privacy officer who reports to a regional authority, as well. EU residents have new rights, including data portability, the right to be forgotten (erasure) and to be notified within 72 hours of the discovery of a data breach.
To emphasize the importance of adherence to the GDPR, the EU has included significant fines for non-compliance. Organizations can be fined up to four percent of annual global revenue or €20 million – whichever is greater. It’s important to understand that these rules apply to both controllers and processors, which means clouds will not be exempt.
In light of the dire financial consequences, and with the compliance deadline just a little over a year away, one would assume organizations are rapidly transforming their data classification, handling, and storage methods to conform to the new ruling. But research findings from The Global Databerg Report (a survey of roughly 2,500 senior technology decision-makers in 2016 across Europe, the Middle East, Africa, the U.S., and the Asia Pacific) says that 54 percent of organizations have not advanced their GDPR compliance readiness.
What’s the hold-up? Well, the problem is that the GDPR is requiring organizations to address some of their thorniest data challenges, including fragmentation of data and loss of visibility. Cloud-based services and BYOD have only added to the confusion and, along with the default behaviors of data hoarding and poor management, create a “databerg” (see the report above) that becomes as dangerous and expensive as the iceberg that sank the Titanic.
Affected organizations have three options regarding GDPR compliance. They can ignore it, which is unwise on several levels. They can spend the next year scrambling to erect infrastructure and processes and deploy personnel to make sure they meet the stringent requirements.
Finally, they can remove the relevant data altogether from the GDPR’s jurisdiction. Which means taking it off-world.
Freedom Through Security
Though it may seem so at first, the idea of taking data off-planet is not far-fetched. There are already satellites ringing the Earth that regularly receive and transmit information; why not develop a system for secure, internet-free data storage and transmission? A space-based cloud storage network would provide government and private organizations with an independent cloud infrastructure platform, completely isolating and protecting sensitive data from the outside world.
This idea has gone beyond the “what if” stage. New technologies have been conceived to deliver this type of independent space-based network infrastructure for cloud service providers, enterprises and governments to experience secure storage and provisioning of sensitive data around the world. By placing data on satellites that are accessible from anywhere on Earth via ultra-secure dedicated terminals, many of today’s data transport challenges will be solved.
The GDPR’s stringent legislation is among them. Space-based data storage frees organizations from the jurisdiction-based restrictions that the regulation will impose. A satellite storage solution also removes today’s most pressing security concerns, since data will never pass through the internet or along its leaky and notoriously insecure lines. In-transit espionage, theft, and surveillance become impossible.
Data Safety Beyond Borders
The internet has become a many-headed monster; lop off one head with a security tool, and another pops up somewhere else. It is an unmanageable system in terms of data safety because it has so many access points. Space-based storage and transmission bypass the internet altogether to provide security and freedom from jurisdictional complications and surreptitious elements.
The film Alien taught us that “In space, no one can hear you scream.” Today’s off-planet perspective is much more positive. New frameworks for satellite-based storage and transmission may lead to a new catchphrase: In space, no one can steal your data.
About the Author
Cliff Beek is the president of Cloud Constellation Corporation. He has extensive experience with the management and financing of equity-backed ventures within areas of satellite, mobile broadband, mobile app development, and cloud infrastructure entities. Beek founded Star Asia Technologies and Laser Light Communications and served as the EVP at CoCo Communications. He holds an MBA from the Wharton School, University of Pennsylvania. Cliff can be reached online at @Cliff_Edges and at the company website, http://spacebelt.com/.