Monday 1 March 2021
Amazon, like all big companies these days, is collecting so much data. Three current and former employees are blowing the whistle and have reported to Politico that Amazon’s customer data may be at risk. Amazon has pushed back on the claims, calling them inaccurate and unsubstantiated.
This is an interesting story, not so much for the facts of this specific case, but what it says about data security and privacy in the 21st century. As computers have become more ubiquitous and services have moved online, our ability to create and collect data has greatly outpaced our ability to organise and protect it. The complaints about Amazon centre around their poor grasp of “what data it has, where it is stored and who has access to it”. Yet, we wouldn’t expect this to be a uniquely Amazon problem. We’d hazard a guess that most big organisations could face similar criticism to differing degrees.
In general, the most vulnerable part of any system is humans. Humans that may inadvertently share access, not properly protect information, click a phishing link or take any number of actions that create system vulnerabilities. Amazon’s rapid growth over the past decade, and the sheer number of people that it has had to give access to its systems, seem to be at the heart of many of these criticisms. Again, something we expect would be a vulnerability for many fast growing organisations.
With increasing regulatory oversight of data practices and the concept of the ‘Right to be Forgotten’ becoming more popular, companies and organisations the world over are going to have to be smarter with how they manage data security. While Amazon is the organisation in the headlines today, there will be another, and another after that. As investors, this increasing focus on data security should turn our attention to the cyber security industry. As more stories like this are reported, cyber security companies will become increasingly important and in demand.