Tired of generic 2021 predictions about remote work, cloud, and data? Here are 10 specific trends to consider in your growth strategy:
By this point, most PMs know that the key to growth is a deep understanding of your target customers. Simply relying on internal ideas is not enough, nor is it enough to just look at google analytics and product usage data. You actually have to talk to the market.
But even if you are convinced to regularly interview customers to get the voice of the market, of the big blockers I have seen is simply HOW to go about it. How do you land customer interviews? What do you say during the customer interview?
A company is only as secure as its weakest link. But what if the weakest link isn't at the company at all, but rather one of its third-party suppliers? A company can reinforce its own security posture by training its staff and implementing the latest tech, but it still has to provide access and share information with its suppliers, and its suppliers’ suppliers, and so on along the chain. With each degree of separation, the company has less control over its suppliers’ security – especially small suppliers lacking security controls. But when there is a data breach, no matter how far along in the supply chain, the company itself bears the brunt of the consequences.
Traditional data protection has been about securing data behind the corporate perimeter, locking down IT systems and endpoints with firewall and data loss prevention (DLP) technology. Now there is an increasing recognition that traditional data protection is not working. Faced with the new realities of cloud, shadow IT, BYOD, increasing collaboration with 3rd parties, and “last mile” endpoints like USB devices… no matter how well you secure data behind the perimeter, your data will eventually leak.
In their DLP magic quadrant analysis, Gartner said “At present, even with extensive DLP coverage across endpoints, networks and data repositories, there are still gaps and data flows where data can leak. The better answer is a data security strategy focused on securing the data itself, as opposed to trying to secure every system that comes in contact with sensitive data.”
What Gartner is talking about is a revival of Digital Rights Management (DRM) technology, that embeds encryption directly in a company’s valuable data assets themselves – their sensitive files and e-mails – so that even if the data does leak beyond the perimeter, it’s still protected.
Much like AI and Blockchain, Digital Rights Management technology is an extremely attractive concept that has had implementation challenges, but is now starting to overcome those implementation obstacles to go mainstream, most notably Microsoft Azure Information Protection (AIP). Here’s a look at what to expect.
When you think data protection and data privacy, you might think of hackers trying to get past your company's firewall and into your computer to steal your data. But by far the main reason why data breaches are so rampant today has little to do with external hackers. The main cause of data breaches is insider threats. Insider threats are trusted employees, contractors, suppliers and partners, who leak private data into the wrong hands. Sometimes insider threats leak intentionally, but the vast majority of the time, it's just people innocently leaking your data without even knowing it.
Because insiders - your employees, contractors, suppliers, vendors - have access to data to do their jobs, it is really hard to prevent them from leaking it! Few good solutions exist today, but the race is on to solve the insider threat problem. The key is to first deeply understand the roots of the insider threat problem.
There’s a lot of excitement in the security world today around artificial intelligence (AI) and, more specifically, machine learning (ML). CSO Online lists their top 5 use cases for machine learning in security which include detecting malicious activity in the network, automating repetitive tasks, and analyzing large volumes of data for threat intelligence. But another immediate application of machine learning will be in data protection and the prevention of data leaks.
The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) introduced a higher bar than ever before for data protection, in all industries. It applies to any company that comes in contact with any form of European personal data. Article 32 of the GDPR, covering the security of processing recommends the use of encryption for personal data. In fact, encryption is increasingly recognized as the “get out of jail free card”, because GDPR does not require you to report a data breach if it involves data that was encrypted, giving companies a powerful incentive to re-think their company-wide encryption strategy.
Remember 2017? You couldn't get on LinkedIn without seeing tons of articles about all the different industries that blockchain was going to disrupt. Blockchain was at the top of Gartner's "hype cycle" and, if you read a little further into their report, was expected to transition into the trough of disillusionment. So where is Blockchain now?
Here in Canada we had a small online payment processor, Koho Financial, get breached. They are a startup, only 107 employees, but process billions of dollars of payments a year. The breach cost them millions. FinTech has not had a lot of major public data breaches in recent years compared to most other industries. Perhaps they are more diligent in their security practices, or maybe they're just better at keeping it under wraps?
When an incident does occur though, even to small companies, so much money flows through them that the impact can be spectacular.
What is SupTech?
A technology segment that is experiencing a lot of spotlight right now is called RegTech. RegTech enables companies to be more effective at meeting their regulatory and compliance obligations. Since the crisis, financial regulations have increased, and other regulations have followed suit (in manufacturing, data privacy, etc.) The result is that companies, especially enterprise, have a myriad of compliance obligations that are very time consuming and for which they are at risk of being penalized. RegTech addresses this problem, helping those companies to automate their internal data collection, analysis, reporting, attestation, etc.
But there is now an emerging subset of RegTech called SupTech, short for supervisory technology. The idea is that it’s not just regulated entities that can benefit from tech, but also the regulators themselves.