The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house and process terabytes of the data that flows through mobile networks. Social networks house and control the data on billions of people worldwide — certainly the personal data of effectively all employees in your company.

And, that creates challenges, too. For example, cyber criminals and state-sponsored threat actors find data held in a central hub a tempting target. It’s time for a wider conversation among security specialists and industry leaders about how to better protect this data. Let’s take a look at the risks and challenges of a big data monopoly.

What’s the Problem With a Big Data Monopoly?

There are many problems with a big tech monopoly from a security perspective. The companies that hold data monopolies are ripe targets for attackers. Many holders of this big data do have thorough security, since they know they’re targets, too. It’s tempting to relax about data on these platforms.

But it’s also true that cyber criminals, state-sponsored threat actors, blackmailers and others all have a giant incentive to go after the monopolies, because that’s where the most data is.

The risk is more complex and subtle than it first appears. For example, it could come from inside the house. Over-privileged authorized users or unauthorized users (such as former employees) can put you at risk of an insider threat. The same goes for partners, suppliers and others with potential access to that data.

Big data monopolies also mean more people might have access to your systems than you know. The giant data monopolies could have over-privileged authorized users or unauthorized users of their own. Partners, suppliers and others might have access that you might not think of. In other words, insider threats in another service can put your data at risk.

Another problem is that as companies get bigger, they have less insight into all their nooks and crannies. A dangerous lack of insight into cloud data can leave them at risk for all manner of hazards, from losing out on business to data breaches and data theft. Threat actors could be hiding inside the big data monopolies already, slowly exploiting the data while avoiding detection.

What’s Next for Big Data Monopolies?

The data monopolies are going through rapid change, which is also part of the risk.

In addition to dizzying growth, as the world produces more data, governments pressure companies to change the way they do everything. They probe and scrutinize nearly all the big data monopolies for possible violations of antitrust laws. While in the U.S., anti-trust action is based on whether consumers have been harmed, in Europe the issue is more focused on using anti-trust law to create a more level playing field among competing companies.

Global and National Rules

European lawmakers have expressed concern over the exclusive market insights and other powers inherent in possessing so much of the world’s data. Proposed remedies so far have included the sharing of some percentage of that data or their insights between competing companies. It’s not at all clear how this would affect the security and privacy of the groups that own this data.

Other voices in government, both in Europe and the U.S., have expressed the desire to break up these companies into smaller companies. Some data monopoly companies gain business advantage by sharing or copying data across different business units. What happens in the event that governments call for a breakup of these business units into separate companies?

The so-called ‘splinternet,’ whereby national boundaries change the rules for how global data-hosting companies operate, also affects data monopolies. Some countries don’t allow a growing list of data types. Others require the data relating to citizens or companies in a given country must be stored only in that country.

When we consider the history of such rules, we consider a tiny number of large countries forcing them. But what happens in a future where dozens or even more than a hundred countries make such demands? For global companies, this complex scenario alone comes with its own inherent risks.

It gets worse: Once data on local citizens or businesses are stored in-country, the potential for use or abuse by local cyber criminals, domestic spies, foreign spies and others grows.

When you consider the continued rapid growth of data monopolies, the antitrust action they face, and the rise of the so-called splinternet, it’s easy to draw the conclusion that cloud data is just going to get harder to defend.

How to Address the Data Monopoly Risk

But there are ways to make things more secure. The first step in tackling the larger threat from data housed on the data monopoly platforms is analysis. What is the sensitive or business critical data? Where is it and what are the potential risks? Who has access to this data and what is redundant?

For example: knowing where sensitive business data is, while accounting for the special risks and growing complexity of data monopoly platforms, can give us direction to reexamine where and how some business data is stored and managed.

A managed cloud service can help you get started. You also need a data risk control center where you can gain insights into business risks related to data wherever it resides, including with the big data monopolies. You need to prevent your findings from this in a way that enables the C-suite to understand and take action.

This point can’t be emphasized enough. Visibility isn’t just theoretical access to what’s going on. It means access that enables human understanding and prompt action. It demands clarity, not just information. Automation and artificial intelligence can help in the project of ongoing, actionable visibility and threat intelligence.

Increased insight into risk factors from your main response platform is one key to reducing risks, including risks that come with legal compliance. Doing both at once is key to success going forward. Without proactive, systematic design, your threat management tools are likely to end up as a disconnected, uncoordinated hodgepodge of tools that will fail to provide an actionable, full picture of what’s going on. Adding threat management lets you detect and respond to threats earlier and faster.

Risk Management in the World of Big Data Monopolies

A right-tools-for-the-job mindset is also paramount. But too many threat management tools are from the previous era, rather than purpose-built for the age of hybrid cloud and cloud-native tech.

The key is not to consider and manage data housed on the data monopoly platforms in isolation, but to integrate that data in the overarching risk management strategy. Of course, we’re talking about risk management using big data best practices.

Coping with the growing risk and complexity of data calls for special attention when so much of it is handled by monopolies.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today