E D I T O R ' S Q U E S T I O N

In this context, with businesses generating and having access to more data than ever before, the questions of scalability and data security are becoming ever more pressing.

In the past, the analysis of this quantity of data would have been too timeconsuming to be practical. But now, with the advent of AI, we can interrogate data in depth and at a speed we would only have been able to dream of previously.

At one end of the scale, data can provide businesses with insights into their operations that enable them to optimise processes and supply chains. At the other end, AI can identify new and unexpected correlations between distinct data sets that might lead to entirely new opportunities and business cases.

We have also seen that those businesses with access to the most data are able to gain competitive advantage in the market when that data is exploited – in compliance with regulation – to its full potential. This might be their own proprietary data, or data to which they have access through some form of sharing arrangement, such as a data trust framework.

In addition, businesses increasingly rely on outsourced providers for a wide range of company functions, from payroll services housing employee data and financial information to CRM systems potentially holding a plethora of personal data relating to individual customers.

While all of this presents a wealth of commercial opportunity, it can also result in a large concentration of data which makes data security critical.

The security risk is exacerbated by the trend towards threat actors who steal data for malicious purposes( often extortion) taking an increasing amount of data.

Storing large volumes of data anonymously is cheaper, download speeds are quicker and reviewing and making sense of stolen data using AI-driven tools is easier. Where threat actors were previously taking gigabytes of data from organisations, we are now sometimes seeing multiple terabytes of data being exfiltrated.

The most acute data concentration concerns often arise in a supply chain context. A data security incident involving organisations to whom data processing is outsourced can have far-reaching consequences as there is the potential for that one incident to have a downstream impact on multiple organisations worldwide – take, for example, the 2023 incident affecting file transfer platform MOVEit.

The importance of data security, particularly within the data-related supply chain, is being reflected in both UK legislation, such as the Cyber Security and Resilience Bill, and EU legislation, such as DORA and NIS2. Through legislation and related regulation such as this, particularly in critical sectors, cyber and data security is coming under increasing scrutiny.

Those who can balance the opportunities that large volumes of data provide, whilst managing the risk that data concentration causes, will be best placed to thrive.

www. intelligentdatacentres. com 33