How ‘breaking the internet’ is challenging enterprise growth [Q&A]

We tend to think of the internet as something that is the same around the world, but with countries like China, India and Russia increasingly closing off the wider web to their citizens, is the global nature of the internet under threat?

We spoke to Ruoting Sun, VP of Product at Secureframe about the phenomenon of ‘internet disruption’ and what it means for businesses.

BN: What is internet hacking?

RS: Right now, some countries effectively have their own internet that adheres to their own digital laws around data privacy and security; this creates a fragmentation of a global internet. This is what we call breaking the internet. This idea first emerged with China’s implementation of the Great Firewall in an attempt to control information entering and leaving the country. Other countries gradually followed suit, aiming to act independently of the rest of the world for a variety of social and political reasons.

With today’s different versions of data privacy laws in the EU and Canada, and even the US — with state-specific laws like the CRPA — compliance has become increasingly difficult for organizations to properly maintain.

We are seeing more and more enterprises struggling to grow on a global scale given the money, time and effort now allocated to navigating regional regulatory obligations, data security measures, employee training and stay up to date with evolving data privacy laws.

While public cloud infrastructure providers like AWS, Azure, and GCP enable enterprises to scale efficiently, they actually exacerbate this problem by further driving platform centralization and making it harder for companies to reconcile regional differences in data privacy and security.

BN: Is the decentralized nature of the web under threat?

RS: It depends on where in the stack you’re talking about decentralization. If we’re talking about workloads and applications, things are more decentralized than ever, and there’s no reason to think that won’t continue. It’s never been easier to build and release web applications; Rich APIs allow data to flow easily between different applications, which in turn creates new use cases and thus new opportunities. In this sense, the explosion of big data and enterprise SaaS has been a self-reinforcing, virtuous cycle. If we’re talking about the web from a platform and infrastructure perspective, we’ve actually been on the road to centralization for quite some time. Again, public cloud providers have made it incredibly easy to build and launch new products and services, and thus new companies, with minimal initial infrastructure investment. However, there are only a handful of these major providers (AWS, Azure, GCP, Alibaba) and the vast majority of online workloads now reside on these platforms. In that sense, the Internet has never actually been more centralized. With that centralization of the platform comes the benefit of massive economies of scale, but it also presents challenges when dealing with a fractured internet.

As more businesses operate on a global scale, they are introduced to additional challenges around meeting regional compliance obligations. The consequences of failing these compliance obligations often mean that those businesses are locked out of those markets, which means slower growth for those companies. We don’t yet have the appetite or the geopolitical apparatus to help global companies adhere to a decentralized set of rules in a relatively centralized Internet.

BN: Why are national laws insufficient to protect the global nature of the Internet?

RS: Basically, it comes down to the fact that ‘national’ laws are rooted in physical borders that mean very little when applied in a globally connected digital realm.

Current efforts to enforce these laws define a sort of ‘boundary’ of applicable enforcement: the nationality of the individual, the location of the customer, the location where the provider operates, the location of the transaction, the location of the server where the data resides, etc. . I don’t think any of these frameworks really work for implementing these laws at scale. Much is left open to interpretation, including, more problematically, jurisdiction. This diversity also makes it difficult to create a universal framework that accommodates the different perspectives and demands of different nations. And when it comes time for different countries and jurisdictions to come together and address global Internet issues, these political, economic, and diplomatic factors can hinder effective cooperation.

The rapid nature of technological advancements also makes it challenging to keep up with it, and the Internet is no exception. Artificial intelligence is clearly a game-changer in all of this, as countries rush to better understand what it means for the digital well-being of their citizens. New technologies and platforms often outpace the development of regulatory frameworks, and governments are scrambling to keep up with the pace of innovation and update their laws accordingly.

BN: What problems do businesses face that trade across national borders?

RS: As the single global Internet becomes fragmented, security and privacy differences will become increasingly severe for companies seeking to grow through globalization. A growing set of regional data protection regulations will undoubtedly present challenges for global companies to achieve compliance.

We can expect significant increases and changes in security and privacy compliance standards at regional levels. This will significantly impact the Governance, Risk and Compliance teams in the enterprise. These teams must find ways to become growth enablers for their businesses, rather than allowing regulatory obligations to become growth inhibitors.

BN: How can automation help enterprises deal with different regulatory regimes?

RS: As companies seek to continue operating in several international markets, they must rely on automation platforms to streamline the security and compliance process as much as possible, especially many of the manual, time-consuming aspects such as auditing of health monitoring, control evidence collection and compliance data management. Because most IT and security tools are cloud-based and have powerful APIs for data exchange, it is possible to simplify and automate many of these tedious tasks. Compliance automation platforms reduce the overall burden of complying with various regulatory obligations and ensure that organizations are up-to-date on information security and privacy standards and requirements, allowing GRC functions to be an opportunity for growth.

Image credit: ADDRicky / depositphotos.com