Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based on the many pics of my pups I share. Big data — and the big data monopolies that cause it — open up problems for users and doors for threat actors.

While it’s always bugged me and felt a bit like I was being stalked, I had only worried about the data collection in terms of privacy. I don’t like that companies know more about me than most of my friends do. But, this problem isn’t new. Yet, each day it becomes bigger. Let’s take a look at what this means for security experts and break it down into more chewable parts.

Why Big Data Monopolies Are a Problem

In 2018, Harvard Business Review explained that while tech monopolies like Facebook and Google have been targeted (and fined) by European regulators, they have escaped U.S. antitrust regulations. These data monopolies open up many intriguing and worrisome risks. For example, they can make surveillance and security difficult, hoard wealth and affect the public debate, including our perception of right and wrong.

After I was affected by several large breaches in the past, including those of Experian and Target, I recently had an even more worrisome thought. What happens if one (or more) of these data monopolies suffer data breaches? The damage caused by the amount of data compromised with a single attack would be terrible. And, the effects would likely spill over to many other industries and businesses. So what can we do to reduce the risk?

The problem is somewhat simple. Too much private data is controlled by single companies and stored in one location. But the solution is very complex. From where I sit, I see a twofold approach working best: preventing other data monopolies from emerging in the future and lowering the risk of our current data monopolies.

In truth, preventing more data monopolies from beginning or current ones from growing involves government decisions and oversight of mergers. Let’s take a look at solutions closer to home. How can security experts work with our current data giants to reduce risk as much as possible?

Is Data Portability the Answer?

Data portability is part of the solution. Increasing users’ control of their own data is a great step in the right direction. Most importantly, consumers need the ability to actually remove their information from the data monopolies’ data collections. This reduces their own personal risk of a breach. And each person who takes this step and actively manages their data reduces the collective risk and impact of a single breach.

However, consumers can only take this step if they know about the risk and know how to perform these actions. So, who is going to lead the effort to educate consumers? Data monopolies are likely only going to publicize these features as much as required by law. The task will likely then fall to the cybersecurity world to get the word out.

Interoperability Between Big Data Monopolies

Interoperability is often brought up in the conversation about data monopolies, with good reason. The Electronic Frontier Foundation proposes multipart legislation changes that require data monopolies to open up their systems to share data with competitors. While this effort is key to getting rid of data monopolies in the future and reducing current ones, in some ways it actually creates more risk.

With true interoperability, many smaller companies that may not have the same expertise as the top tech companies have access to sensitive data. Instead of a single huge breach, there could be an increase in moderate to large breaches overall. The answer lies in creating a security framework for storing and managing data for all companies. By focusing on interoperability without security, we are only solving a part of the problem.

Does Encryption in Use Help?

Yes. Encrypting data while at rest and in transit is becoming standard for more and more companies. But both of these strategies overlook something: data in use. Encryption in use means businesses can actually get insights from data while it remains encrypted, which keeps all personal user data safe.

By working with giant tech companies to encourage and possibly require this level of protection, we can reduce the likelihood of a breach, or at least reduce the impact. And, this path doesn’t interfere with using data in the right way. Instead, it protects consumers from the negative impact. In addition, making this level of encryption standard practice improves data security overall.

Big Data Monopolies Working Together

To help solve both the short- and long-term issues, IBM partnered with AWS to create a mutual compliance framework. By working together, the two companies determined security measures that both can agree on and adhere to. By focusing on how tech companies can work together, partner with consumers and work with regulators and government oversight committees, the security industry can make great strides toward reducing the weaknesses inherent in tech monopolies.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…