With a fresh year now underway, all businesses are looking ahead to their priorities for 2015, and if last year has taught IT departments anything, it's that data security needs to be high up on the agenda. Recently, we've seen the likes of major breaches at eBay in 2014 and Adobe in 2013, and even celebrities like Jennifer Lawrence learned the hard way about the harm a data breach can cause.
A security mishap, or even a potential data breach, can derail the most important of projects. So what has 2015 got in store that could impact business data security? Take a look below to find out…
EU General Data Protection Regulation
Businesses may think they have a future-proof IT strategy in place, but substantial regulation changes on the horizon will force a considerable rethink. The EU Data Protection Regulation, which should come into force in 2017 (but will be adopted this year), will ramp up businesses' responsibility for data security, increasing sanctions for mishandling it. In short, this means fines of up to 2% of annual global turnover and possibly a requirement to report a breach within 24 hours.
This has ramifications for any strategy that is based around data – like BYOD, storage, internet of things and cloud. Because the changes in law are radical, organisations will have to work hard in 2015 to have a chance of complying and avoiding substantial fines when the new laws come in.
Big data innovation
2015 will see even more businesses take advantage of the power of the data they hold. From using analytics to gain greater business insight, to schemes such as the NHS care.data initiative, organisations are doing more with their big data.
However, due to the numerous data breach stories in the press, many organisations are unwilling to engage in innovative data schemes for fear of it increasing the chances of a data leak, as demonstrated by the difficulties care.data has run into. For many, there's a lot at stake if this goes wrong: reputation, the risk of heavy fines from the ICO, and public outcry that could put a halt to any progress already made.
What we could see this year is innovation being stifled by data leak worries, and to avoid this organisations should think about data security at the start of the project, and ensure it is incorporated throughout its lifecycle. This needs to take into account every aspect of the project, from the devices being used to the platform that is accessing this data.
(Even) more mobile
While this has been a trend for the last couple of years, the increased use of mobile devices by employees is not slowing down. Whether an employee-owned (BYOD) or corporately owned and personally enabled (COPE) device, the growth in devices means a corresponding increase in endpoints, all of which are potential security vulnerabilities.
With the proliferation in device types, form factors and operating systems, it's even more important that whatever security solution is in place is device agnostic, and able to cope with any type of new technology. That way firms are able to take an employee rather than device-centric approach to data security and device management.
Last year we saw mobile devices starting to do more, with the contactless payment and fingerprint recognition technology in Apple's latest devices an example of this. What we're going to see in 2015 is an increase in what mobile devices are capable of doing.
For example, Apple's Touch ID fingerprint scanner has so far been used to unlock the handset itself and as a verification tool when making purchases through Apple's App store. However, now that iOS 8 has made this functionality available to third-party developers, users will soon have the ability to unlock a greater range of apps via their fingerprints.