Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based on the many pics of my pups I share. Big data — and the big data monopolies that cause it — open up problems for users and doors for threat actors.

While it’s always bugged me and felt a bit like I was being stalked, I had only worried about the data collection in terms of privacy. I don’t like that companies know more about me than most of my friends do. But, this problem isn’t new. Yet, each day it becomes bigger. Let’s take a look at what this means for security experts and break it down into more chewable parts.

Why Big Data Monopolies Are a Problem

In 2018, Harvard Business Review explained that while tech monopolies like Facebook and Google have been targeted (and fined) by European regulators, they have escaped U.S. antitrust regulations. These data monopolies open up many intriguing and worrisome risks. For example, they can make surveillance and security difficult, hoard wealth and affect the public debate, including our perception of right and wrong.

After I was affected by several large breaches in the past, including those of Experian and Target, I recently had an even more worrisome thought. What happens if one (or more) of these data monopolies suffer data breaches? The damage caused by the amount of data compromised with a single attack would be terrible. And, the effects would likely spill over to many other industries and businesses. So what can we do to reduce the risk?

The problem is somewhat simple. Too much private data is controlled by single companies and stored in one location. But the solution is very complex. From where I sit, I see a twofold approach working best: preventing other data monopolies from emerging in the future and lowering the risk of our current data monopolies.

In truth, preventing more data monopolies from beginning or current ones from growing involves government decisions and oversight of mergers. Let’s take a look at solutions closer to home. How can security experts work with our current data giants to reduce risk as much as possible?

Is Data Portability the Answer?

Data portability is part of the solution. Increasing users’ control of their own data is a great step in the right direction. Most importantly, consumers need the ability to actually remove their information from the data monopolies’ data collections. This reduces their own personal risk of a breach. And each person who takes this step and actively manages their data reduces the collective risk and impact of a single breach.

However, consumers can only take this step if they know about the risk and know how to perform these actions. So, who is going to lead the effort to educate consumers? Data monopolies are likely only going to publicize these features as much as required by law. The task will likely then fall to the cybersecurity world to get the word out.

Interoperability Between Big Data Monopolies

Interoperability is often brought up in the conversation about data monopolies, with good reason. The Electronic Frontier Foundation proposes multipart legislation changes that require data monopolies to open up their systems to share data with competitors. While this effort is key to getting rid of data monopolies in the future and reducing current ones, in some ways it actually creates more risk.

With true interoperability, many smaller companies that may not have the same expertise as the top tech companies have access to sensitive data. Instead of a single huge breach, there could be an increase in moderate to large breaches overall. The answer lies in creating a security framework for storing and managing data for all companies. By focusing on interoperability without security, we are only solving a part of the problem.

Does Encryption in Use Help?

Yes. Encrypting data while at rest and in transit is becoming standard for more and more companies. But both of these strategies overlook something: data in use. Encryption in use means businesses can actually get insights from data while it remains encrypted, which keeps all personal user data safe.

By working with giant tech companies to encourage and possibly require this level of protection, we can reduce the likelihood of a breach, or at least reduce the impact. And, this path doesn’t interfere with using data in the right way. Instead, it protects consumers from the negative impact. In addition, making this level of encryption standard practice improves data security overall.

Big Data Monopolies Working Together

To help solve both the short- and long-term issues, IBM partnered with AWS to create a mutual compliance framework. By working together, the two companies determined security measures that both can agree on and adhere to. By focusing on how tech companies can work together, partner with consumers and work with regulators and government oversight committees, the security industry can make great strides toward reducing the weaknesses inherent in tech monopolies.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today