Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Well, Sony isn’t exactly a traditional target, is it? Why are we seeing so many nonfinancial organizations being attacked?  

Look at where the real value is today. The recent IPO of LinkedIn is a good example. Why did their stock price double within hours of their IPO? It’s because they have all of this information about users and their habits that people either indirectly or directly provide about themselves, and it’s the same reason Facebook is valued at tens of billions of dollars: the information can be mined, aggregated, and used for marketing purposes. This is very valuable information.

That means consumers run the risk of seeing their information breached or leaked no matter which services they use?

Many of us accept the idea that information about ourselves is not something we have control over, and in most cases we have no idea where it goes when it’s out of our hands. Take the recent breach at [e-mail marketing firm] Epsilon, for example: how many consumers impacted by this had even heard of Epsilon before their breach disclosures started? Meanwhile, organizations that collect that information often don’t have as strong a sense of stewardship over it as they should. Also, breaches can be much more serious when they happen to companies that provide software-as-a-service. And we’re starting to see more of these [when] a vulnerability or weakness is disclosed or exposed in one common kind of platform or infrastructure, and then you may see a bunch of these incidents cascade. So what might have been one breach for a relatively small company turns into a breach that affects dozens of others, because those companies rely on it for outsourced data services. And we’re only going to be seeing a lot more of that, I believe.

You’ve touched on a sore spot—the often fuzzy IT buzzword of “cloud computing.” Do you think organizational appetites for outsourcing their data to third parties will weaken anytime soon because of security concerns?

I think in the next three to five years—if tech development keeps going the way it has been, for various cost and policy reasons a lot of companies will realize that cloud computing doesn’t give them the advantages they were counting on and will move things back into a data center or private cloud.

Thirty to 40 years ago, back when we had these massive data centers that were under control of centralized management because it was a huge investment in infrastructure, generally the data was under [tight corporate control]. Then we started moving out to distributed media and desktop PCs in most organizations, and I think the ’90s were about the low point in terms of centralized business control over computer systems. Now we’re getting back to the point where companies are realizing—especially with big shared databases—the importance of having more control over their data.

3 comments. Share your thoughts »

Credit: Purdue University

Tagged: Business, Business Impact, security, Securing Data

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me