Forward-leaning companies today have two things in common, they leverage data lakes, and they are subject to regulation. Field CTO Adam Rusho from cloud data protection company Clumio talks with Security Technology Executive (STE) and explains that because many forward-leaning companies now leverage AI-native technologies or integrations that rely on vast data lakes, the security, compliance, and integrity of this foundational data will become an increasingly important aspect of any regulatory discussion. He also discusses why such aspects are key to data resilience, especially across highly regulated industries.
STE: Among talks of potential new AI regulations, how can organizations prepare now, to ensure the ongoing resiliency of organizational data?
Cybersecurity is prevention focused. Its strategy is concerned with the strength of the network, its traffic patterns, and access. Data security is recovery-focused, assuming from the onset that the network will eventually be breached. This approach focuses on doing everything possible to prevent any possible data theft, encryption, or deletion in the event of a breach. Data security has become a daunting task, considering the sheer amount of data that is now housed online - and AI technology will not make this easier. This will require organizations to enact proper data protection strategies now, to create a secure future.
STE: As more companies move to possess and deploy AI-native technologies or integrations, what initiatives must companies prioritize for continued data protection?
Rusho: AI-native technologies rely heavily on large data lakes for storage, and therefore data protection must become a consistent part of AI adoption. This includes the following:
● Scaling backup solutions to AI and machine learning needs. With terabytes of new data being generated daily, an organization’s data resilience platform should scale to petabytes of data and track millions of events and changes to data with high fidelity.
● Testing recoverability to make sure it meets an organization’s service level agreements. Backups are only useful if organizations can restore the exact data they need when they need it.
● Reviewing the total cost of ownership. Organizations must investigate cloud-native, cost-effective solutions for their long-term retention needs, as well as take stock of how much overhead is going into managing different copies of data.
STE: AI regulation will have a wide-ranging impact across different industries, but given the sensitivities that specifically come with the healthcare sector, how effective do you think they’ll be when protecting patient data?
Rusho: In an industry where data isn’t just important to company privacy, but also that of individual patients, regulation will likely be required within the healthcare sector much sooner than others. AI technology gives organizations the ability to create and innovate further than they ever have before, but it also creates an exposure risk of internal patient information that these new tools use to make processes simple, cost-effective, and more user-friendly. It is likely regulation will be highly effective and manageable to implement if standards are created based on patient protection - a value many leaders and organizations in the healthcare space already hold. Of course, this means healthcare organizations must work to guarantee that existing data is effectively meeting current compliance standards.
Cloud solutions like AWS have enabled healthcare organizations to decrease costs, improve operational and clinical efficiencies, and ultimately enhance overall patient care. Unfortunately, the stark increase in cyber-attacks in healthcare over the past several years contrasts with these innovations. Moreover, combined with an increase in compliance oversight and standards, healthcare organizations are now taking on the monumental effort of reevaluating how they protect data in the cloud, especially as it spans multiple public cloud services.
Applying strict data governance standards that keep data lakes backed up, air-gapped, immutable, and encrypted ensures that health tech networks can secure private information. It's also imperative for the protection and recovery to be simple. By simplifying data protection at scale, companies can define protection and recovery policies for particular data sets, optimizing costs and keeping in compliance with HIPAA and HITECH regulations - even as AI regulations become mandatory.
