Virtualization Technology News and Information
Imperva 2022 Predictions: The Future of Data Privacy & Protection

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

The Future of Data Privacy & Protection

By Terry Ray, Imperva

In 2022, organizations will reevaluate their data security investments and policies in a bid to boost consumer data privacy and lower related compliance violations. In the last few years, fines for data privacy violations have not come from a lack of data identification and classification, but from a lack of technical understanding and efficient data security tools that assist organizations' ability to warn government officials of data compromise or to thwart breaches.

GDPR became enforceable in 2018. Four years on, organizations find that what they thought was the most critical and challenging aspect of GDPR and subsequent other global privacy regulations in fact is not as critical as they thought. 

For years prior to modern privacy regulations, organizations knew that they had only cursory knowledge of the locations where they stored private data. Some monitored access to where they thought it should be, others knew where it should be, but had no idea whether it could have moved someplace else. In addition to having fundamental data security requirements, privacy regulations introduced a forcing action on organizations to find private data and expose some elements of its location and usage to consumers. GDPR took one more step by assigning the responsibility of ensuring data privacy to a legal role - the Data Protection Officer.

These factors, of needing to find data deeper than organizations had previously, share aspects of that data usage with consumers and shift a technical enterprise requirement to a non-technical lead, the DPO created an interesting situation that for many is up for renewal in 2022. 

Leading up to 2018 in preparation for GDPR, organizations and their DPOs searched for technologies that addressed data discovery and classification with the vernacular used by modern privacy regulations and found few options. This opened the door to new vendors offering scaled down versions of data security tools focused solely on privacy areas whittled off of full stack data security suites.

In 2022, organizations will take note that many of the largest fines have not come from an inability to know where data is and how to share its usage. But instead at a technical level, the fines have come from a fundamental lack of data security and the inability to prevent or identify data breaches and adequately inform authorities. It's this awareness that will begin an internal review of whether a legal team and DPO should own an enterprise technical requirement that directly overlaps data security efforts and requirements already present, in many cases before 2018, in a CISOs team.

The questions they will ask, are do we have a duplication of effort? Regardless of the regulation, which team is most equipped to both make use of data discovery and classification for risk, as well as apply that knowledge to security monitoring and protection across the organization. 

The GDPR induced technical split of discovery and classification from data security fundamentals and owners will begin its shift back into mainstream unified data security in 2022 and beyond. 

At Imperva, our technology revolves around data security, data protection, and data privacy. As new privacy laws, such as the Californica Consumer Privacy Act (CCPA), come into effect, we're continuously keeping a close eye on how regulations continue to change, and how we need to adjust our solutions as data protectors. In 2022 and the future, we can except other US states to follow California's suit and require certain compliance regulations to further protect how companies use customer data. Companies may be hit with consequences like hefty fines if not compliant, yet no matter what the future holds for regulatory compliance, Imperva will be at the forefront of data protection, ensuring all data is kept private.



Terry Ray 

Terry Ray is an Imperva Fellow and has global responsibility for Imperva's technology strategy. He was Imperva's first U.S.-based employee and previously served as Imperva's chief technical officer, chief product strategist, and vice president of security engineering. Terry has worked closely with customers on hundreds of application and data security projects to meet the security requirements and demands of regulators in every industry. Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, Gartner, IANS and other professional security and audit organizations in the Americas and abroad. Terry holds a B.A. in management information systems from the University of North Texas.

Published Friday, January 14, 2022 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2022>