47 Data Protection Predictions from 29 Experts for 2023

Solutions Review editors received data protection predictions from experts for 2023, part of the 4th-annual BUDR Insight Jam.

As part of Solutions Review’s third-annual #BUDRInsightJam, we called for the industry’s best and brightest to share their data protection predictions for 2023. The experts featured here represent the top data protection solution providers with experience in this niche. Data protection predictions have been vetted for relevance and ability to add business value as well. These are the best predictions from the dozens we received. We believe these are actionable and may impact a number of verticals, regions, and organization sizes.

Note: Data protection predictions are listed in the order we received them.

Data Protection Predictions from Experts for 2023

Nik Acheson, CDO at Okera

Data subject access requests get supercharged

“With more breaches becoming public, policy makers are being forced to represent a frustrated consumer base and hold companies more accountable. As such, we’re continuing to see a boom in policies, regulations, and permissibility, with corporate executives being held accountable for not following best practices.

In 2023, new technologies along with attention from the legal community will pick up steam enabling individuals to gain greater visibility and control of what, where, and how their data is being used. Worse, it will cripple many enterprises that still struggle with over-provisioning of data, lack of full visibility, and legacy patterns operating in contemporary distributed data environments.” 

Stephen Cavey, Chief Evangelist at Ground Labs

Sensitive data protection

“As new regulations across many American states and other countries begin to define and protect sensitive personal data (SPI), companies that are unable to recognize and defend their SPI could run afoul of many recently passed regulations. In the following year, a high-profile SPI breach will likely result in a multinational corporation facing dozens (if not hundreds) of penalties from all the jurisdictions in which individuals were affected. This will help companies realize that they must improve their inventory and security practices for SPI data.”

Less is more data storage

“High-profile breaches and increasingly stringent regulations (like the GDPR and the yet-to-pass ADPPA) will guide many companies to adopt a “less is more” approach regarding their data — questioning whether everything they collect and store is truly necessary and discovering some long-held assumptions are untrue. For example, some companies might store salutations (like Mr. or Ms.) which inadvertently could be used to identify gender. However, updating any user-facing emails to use a “Hi [name]” format instead can result in those salutations becoming unnecessary.”

Chris Lubasch, Chief Data Officer & RVP DACH at Snowplow

Data privacy and compliance

“One of the hot topics in Europe and beyond will continue to be data privacy and compliance. Whether it’s because customers are increasingly aware of how brands use their data, or regulatory bodies are significantly increasing scrutiny and banning Google Analytics in some countries, it’s never been more important for organizations to consider how data compliance and ongoing data management form a critical part of their business and data strategy. 

Privacy regulations are here to stay, no matter how they look in detail. Instead of continuing to exploit datasets to the maximum, often without proper knowledge, consent or understanding of their customers, organizations need to embrace this unique opportunity before their competition. It’s a chance and necessity to enter into a new relationship with users and customers, one that is guided by getting something back in return for sharing private data. It will continue to play an essential role in learning what works and what doesn’t, or data-empowering decisions made across the board. But the days to exhaust all data points possible are finally over. Less is more, deliberately creating and using what you need will become the new status quo down the road.”

Hayley-Jayne Cone, VP of Customer at Snowplow

Data protection law

“In 2022, discussion of data protection laws has increased on a global scale, such as with the General Data Protection Regulation (GDPR). Specifically, many countries are seeking clarity on how and when data may be used so that technology companies can remain compliant.

This issue has resurfaced in 2022 after Google Analytics was found to be not in compliance with GDPR in several countries, such as Austria, France, Italy and Denmark. Many organizations find themselves looking for alternative analytics options for their tracking.

We’re also seeing more focus on data privacy in the U.S. at the state level in California, New York, Virginia, and Colorado. Many more states are considering drafting privacy laws. It’s a real struggle for businesses to navigate these new legislations, especially when new laws are being enacted at the state level rather than the national level every year. In 2023, we will see more organizations reckoning with how to effectively comply with the new data privacy regulations while continuing to provide the best possible customer experience.”

Surya Varanasi, CTO at StorCentric

Data security

“The ransomware threat will continue to grow and become increasingly aggressive – not just from a commercial standpoint, but from a nation-state warfare perspective as well. Verizon’s 2022 Data Breach Investigations Report, reminded us how this past year illustrated, “… how one key supply chain incident can lead to wide ranging consequences. Compromising the right partner is a force multiplier for threat actors. Unlike a financially motivated actor, nation-state threat actors may skip the breach altogether, and opt to simply keep the access to leverage at a later time.” For this reason, channel solutions providers and end-users will prioritize data storage solutions that can deliver the most reliable, real-world proven protection and security. Features such as lockdown mode, file fingerprinting, asset serialization, metadata authentication, private blockchain and robust data verification algorithms, will transition from nice-to-have, to must-have, while immutability will become a ubiquitous data storage feature. Solutions that do not offer these attributes and more won’t come even close to making it onto any organization’s short-list.”

Brian Dunagan, CTO at Retrospect

Data management

“Freedom and flexibility will become the mantra of virtually every data management professional in the coming year. In particular, data management professionals will seek data mobility solutions that are cloud-enabled and support data migration, data replication and data synchronization across mixed environments including disk, tape and cloud to maximize ROI by eliminating data silos. We will likewise see an uptick in solutions that support vendor-agnostic file replication and synchronization, are easily deployed and managed on non-proprietary servers and can transfer millions of files simultaneously – protecting data in transit to/from the cloud with SSL encryption.”

Ransomware

“Ransomware will remain a huge and relentlessly growing global threat, to high profile targets and to smaller SMBs and individuals as well. There are likely a few reasons for this continuing trend. Certainly, one is that today’s ransomware is attacking widely, rapidly, aggressively, and randomly – especially with ransomware as a service (RaaS) becoming increasingly prevalent, looking for any possible weakness in defense. The second is that SMBs do not typically have the technology or manpower budget as their enterprise counterparts.”

Deepak Mohan, EVP of Engineering at Veritas Technologies

More scrutiny on cloud budgets in 2023

“According to Veritas research, 94 percent of organizations are overspending on cloud and are going over their allocated cloud budgets by an average of 43 percent. As the amount of data continues to grow year over year, so does the cost of storing it in the cloud, which is becoming harder to justify. Though most companies have realized advanced business strategies through cloud adoption, CEOs and boards will increasingly demand transparency surrounding the ROI of cloud spend.

With many economists predicting a continued downturn next year, we expect scrutiny on IT spending to intensify further in 2023, which will put pressure on IT leaders to justify their cloud budgets while identifying new ways to reduce data volumes. This could lead to more effective data storage and management strategies, such as deduplication techniques to ensure reduced storage consumption.”

Low code/no code applications will create compliance issues

“Low code/no code application development has been instrumental in democratizing application development across companies. In 2023, low code/no code adoption will become mainstream, and non-technical employees (citizen developers) across any organization will have the power to create their own app. While this will significantly alleviate the burden on IT teams, it will also create a big compliance risk for organizations. Because citizen developers don’t have the same experience in implementing security and privacy, most of the applications they develop won’t be adequately protected and protection policies may be inaccurately applied. As a result, not only will organizations face compliance issues, their applications may also create new vulnerabilities for bad actors to exploit.”

More edge devices mean more vulnerabilities

“Gartner predicts that by 2025, more than 50 percent of enterprise-managed data will be created and processed outside the data center or cloud. As more data processing moves to the edge, it complicates IT architecture and increases the attack surface. What’s more, enterprises often don’t apply the same level of protection to the edge as they do in the data center or the cloud, often due to skills and staffing shortages. To fully protect the enterprise, each of these edge devices needs to be protected and backed up. On top of that, organizations need to determine what data coming from edge devices is critical versus non-critical to maintain storage and protection costs, understanding the added scrutiny on IT budgets.”

Angel Viña, CEO and Founder at Denodo

As recession looms, companies will look to optimize infrastructure cost

“Whether North America is in recession or not, companies are actively cutting costs, and reducing IT infrastructure, which has always been an easy choice for CEOs. While compute and storage costs continue to be reduced through the usage of cloud it still can lead to huge bills for organizations given their heavy investments in data and analytics infrastructure. Thanks in part to the breadth of choices of storage, compute, and applications, companies often take a rip-and-replace strategy to modernize their data and analytics efforts. That approach is not only is costly, but it can often lead to disruption in IT operations. In 2023, more companies will see IT focusing on modern, non-disruptive ways to update their IT infrastructure, whether their data resides entirely in one cloud, multiple clouds, or in a hybrid environment including on-premises.”

Balaji Ganesan, Co-Founder and CEO at Privacera

Data protection

“Data security platforms provide data protection using a combination of fine-grained access controls, data masking, and encryption. They also include data and data access activity monitoring as well as audit and reporting capabilities that can be used for compliance purposes and data risk assessments. Integration with data governance allows the platform to handle coarse-grained user access to systems and applications. The combined power of this technology will skyrocket over the next few years as more and more data amasses within an organization. According to Gartner’s Hype Cycle for Data Security 2022, a data security governance framework should be used to identify and prioritize business risks that will be mitigated by data security policies.”

Ryan Splain, Director of Customer Success at ZL Technologies

The privacy umbrella

“As a result of COVID-19 the way in which we worked shifted. As hybrid and remote work become an integral part of workplace culture, our policies regarding employee data must also evolve. In 2023, we’ll start to see employees invest in the privacy of their data, and look to employers for transparency in the use of this collected information. This will require organizations to be transparent in the privacy laws that apply to their employees and have an established framework in place for how they use, govern and protect employee data.”

Regionalization

“As global networks grow and become ever more interconnected, privacy and data-protective measures have become a paramount consideration across borders as the global sharing of data fiercely increases. However, the laws surrounding data and privacy are still extremely regionalized. This year, we’ll begin to see the effects of globalized data against strict, regionalized policies.  As a result, we will begin to see new legislation in place that governs, yet simplifies data privacy laws and sharing that reflects a more global landscape.”

Anthony Cusimano, Director of Technical Marketing at Object First

Organizations realize the benefits of incorporating object storage into backups

“Object storage is the future of data storage, full stop! Because object storage is still considered new, there are many variables to consider when it comes to adoption, and many are using the metadata features to help train AI. In contrast, others choose it out of convenience on the cloud to pair with distributed apps and infrastructure. There is no denying that the most robust use case for object storage comes from the security through object lock (immutability), which offers the best business software solution to ensure ransomware cannot affect data stored within. That’s why it makes the perfect choice for data backups, and why organizations will start to realize its potential beyond the cloud.”

Todd Moore, Vice President of Encryption Products at Thales

The rise of data protection

“The relationship between data protection and consumer trust will continue to drive how organizations approach business practices in the New Year. The trending lack of consumer trust in 2022, will continue into 2023, along with an increased attention around data provenance. Simplifying the process of identifying the origin of data and providing an extra lens to view data’s trustworthiness will drive the need for enhanced data provenance. While the U.S. currently has no national framework around data privacy, there will be a push for businesses to provide compliance guarantees that are consistent with other global standards. In general, consumers will be asking large organizations, including Governments, to take data provenance more seriously and share details more openly to build their trust. This will drive customer buying decisions and will be critical in mitigating the consumer lack of trust.

Another outcome that we will see in 2023 will be an increased focus on encryption. With the focus on making sure that personal information remains confidential, encryption is the only solution that can ensure data protection, while also providing compliance with various global regulations like GDPR and CCPA.”

Colin Estep, Principal Security Researcher at Netskope

Data exposure will get worse before it gets better

“The adaptations that organizations have made to deal with a global pandemic, and now a remote workforce, also require security practices to evolve. With workers logging in from remote networks and using cloud-based services, it’s harder than ever to find insider threats. In 2023, we will see organizations realizing how little control they have over their own data.

If an employee is moving data from a corporate Google Drive to a personal Google Drive, would your organization be alerted to that activity? What if the employee was working remotely? If the employee normally accesses this level of data, then it will likely be allowed, and any alerts will be quickly dismissed as false positives. In addition, any traffic to Google Drive is likely to blend in with regular work-related traffic.

I think that most organizations don’t realize how prevalent this type of behavior is, and they don’t have the tools necessary to see it happen. In the next year or two, we will see more companies realizing that employees who are leaving are taking corporate data with them.”

Donnie Berkholz, SVP of Product Management at Percona

Data ownership, sovereignty, and control will continue to expand

“Rules on data privacy and digital sovereignty are continuing to expand. Following on from the GDPR, CCPA and EU rules on data privacy, more countries have adopted these rules and regulations to protect their citizens. Countries want to prevent too much control over data by foreign companies. For the EU, this includes looking at how to manage this when US companies effectively own the cloud computing market, and what this means for the future.

This is a problem for businesses that have to operate across regions and countries, as they will have more restrictions on where they can and can’t process their data. Open-source database communities are responding to this – for example, PostgreSQL 15 launched this year, with its improvements to Logical Replication, so you can set limits and geo-fence subsets of your data so it is restricted to specific locations and can’t be replicated outside where it is needed.”

Carl D’Halluin, CTO at Datadobi

Organizations will be forced to look for new approaches to manage unstructured data growth in 2023

“Many have already noticed that the pace of unstructured data growth is snowballing exponentially faster than it has in the past. This leads to increased costs, as companies have to buy more storage, and the introduction of risk, as the organization has less knowledge about the data as it ages in its network. Organizations need new solutions to minimize the financial impact and risk their business faces.

Furthermore, much of this unstructured data is stored in network-attached storage (NAS). This is because many applications haven’t yet been redeveloped to leverage object storage. So, much of an organization’s unstructured data will continue to be stored on-premises in 2023. Because of this, public cloud providers will form more relationships with traditional on-premises NAS vendors. They will offer branded, cloud-based, managed file services. These services will benefit customers because they have a simple “on-ramp,” they preserve pre-existing documentation and processes, and they take care of the underlying hardware and operating environment for the customer.”

W. Curtis Preston, Chief Technical Evangelist at Druva

IT leaders will rush to secure backup systems in light of rising cyber threats

“As we look forward into 2023, the number one concern of anyone responsible for data protection will be to secure their backup system. Ransomware groups will continue to directly target backup systems, using their knowledge of how the backup system works against it. Organizations must learn how to protect against such attacks. On premises systems should use local passwords on the backup server, use MFA wherever possible, not store backups in user-accessible directories, consider using a non-Windows backup server to store backups, and copy some of the backups to immutable cloud storage. Customers of SaaS-based systems have fewer worries, but they should still enquire about what would happen if someone gained access to the username and password for the backup system and successfully worked around MFA.  Such hackers can delete backups, with no backup for the backup.”

Ransomware will continue to be the #1 concern for IT

“Ransomware won’t go away in 2023; if anything, it will only get worse. To prepare, IT teams will need backup solutions that not only protect their data, but provide centralized and actionable insights on their organization’s security posture across distributed backup data and systems. Out-of-the-box capabilities that allow IT and security teams to easily understand their data security posture, observe backup changes without analyst time or new integrations, and drill into the dashboards and alerts unique to their deployments will be a key area of focus. By simplifying both access and the use of posture and observability data, IT and SecOps teams will be able to achieve better preparedness, faster incident investigation and response, and better root cause analysis. In order to prepare for threats, functionalities such as automatically detecting and reporting on unusual activity like bulk deletions, and allowing self-service roll-back to clean data will be key over the next decade.”

Stephen Manley, Chief Technology Officer at Druva

There will be a frenzy of mergers and acquisitions in H1, which will make the task of data protection even more complex

“Data sprawl is expanding faster than the universe. Even as organizations centralize their employees’ data with Microsoft 365, Google Workspace, and virtual desktops, corporate data is in more places than ever. Organizations run hundreds of SaaS tools, many of which retain data. Cloud-native workloads are only expanding, especially for data analytics. Edge and IoT is ubiquitous, even if IT does not realize it, yet. M&A is going to surge, so there will be even more data silos. Companies need a simple, scalable way to manage and protect their data – including respecting data residency requirements. It will be virtually impossible to manage and protect the data on their own.”

Data center infrastructure companies will continue to consolidate

“As the market growth slows and begins to recede, the vendors will need to come together to remain profitable. Moreover, as the customers experience the simplicity of cloud, they will expect a more integrated data center experience, rather than building custom solutions out of pieces. Second, analytics and data visualization companies will consolidate. Like the infrastructure companies, their customers are expecting more integrated value stacks, rather than having to stitch pieces together themselves. Ultimately, in 2023, customers will expect their technology vendors to do the work for them.”

Data security and protection will become even more inextricably linked

“Cyber attackers target backups before the production environment, so that their victims cannot recover their data without paying the ransom. Therefore, data protection is an integral part of a company’s risk management strategy. First, executives must create a risk management strategy that spans cyber-insurance, security, and data protection. Second, data protection teams must work with security to ensure that their backups are secured. Finally, data protection teams should connect with the security team to understand what role they need to play in preparing for and recovering from an attack.”

Yogesh Badwe, Chief Security Officer at Druva

As attacks become more sophisticated, business leaders focus on finding holistic solutions that bring together security and data protection

“When organizations piecemeal solutions or keep security and data protection in silos, they can unknowingly make themselves more vulnerable to threats and less able to recover. By taking a more integrated approach, organizations are able to increase their ability to assess data risks and move beyond data recoverability to proactively prepare for threats.”

Cassius Rhue, VP of Customer Experience at SIOS Technology

Data democratization drives the need for high availability of applications, databases, ERPs, and stored data

“Advancements in virtualization, and continued adoption of cloud computing and cloud storage have enabled companies to make more data available to more users than ever before. This data democratization trend has been growing for several years, giving non-specialists the ability to access and analyze more data from more sources – potentially enabling more informed decision-making and increased efficiency companywide.

In 2023 the ongoing trend of data democratization will continue – driving increased usage of applications such as SQL Server, Oracle and SAP HANA and creating a heightened requirement for high availability for these databases and their associated applications and data storage. In 2023, more companies will invest in advanced clustering and disaster recovery solutions to protect these systems from downtime and disasters.”

Innovations in high availability

“New predictive application monitoring tools, simulation tools and modeling techniques, based on the wealth of logs, data, and interconnected devices will combine with robust HA solutions capable of identifying threats to availability, predicting and mitigating impending outages, and providing IT administrators with greater diagnostics for unexpected incidents. These innovations will drive reductions in downtime and faster RCAs by combining HA solution expertise with the power of data, learned behavior, and self learning technology.”

Cloud migration and repatriation will continue to bring new demand

“Many companies fast tracked their cloud adoption journey due to world-changing events in the last 2+ years and traded on-prem data centers for the cloud. This cloud migration will continue, and at the same time, many companies will realize that migration itself was not a one size fit all solution nor a panacea for issues of  ‘application’ availability. Needs for high availability of stateful applications in the cloud will prompt companies to use clustering software. Repatriated systems will leverage solutions the minimize churn, and the need for multiple application availability vendors.”

Site reliability engineering increases need for high availability for critical applications

“With large organizations now managing many hundreds of servers and cloud VMs, all requiring increased availability, means that incorporating HA into Site Reliability Engineering principles will become a standard part of DevOps projects. Using SRE, DevOps teams will standardize on HA tools that are capable of decreasing complexity, increase availability and reliability, and automate application aware failovers.  The vendors who have products that support multiple OS versions, clouds, applications, and databases will be baked into vendor best practices.”

New best practices emerge that ensure both high availability and security

“Security and operations teams are often at odds with one another. Steps to ensure security can impede high availability recovery processes. HA in turn, can limit security steps. In 2023, companies will implement complementary security and HA clustering solutions that resolve these conflicts.”

Jay Upchurch, EVP and CIO at SAS Software

Enterprises move from traditional data warehouses to real-time data storage

“In 2023, we will continue to see movement away from traditional data warehousing to storage options that support analyzing and reacting to data in real-time. Organizations will lean into processing data as it becomes available and storing it in a user-friendly format for reporting purposes (whether that’s as a denormalized file in a data lake or in a key-value NoSQL database like DynamoDB). Whether a manufacturer monitoring streaming IoT data from machinery, or a retailer monitoring ecommerce traffic, being able to identify trends in real time will help avoid costly mistakes and capitalize on opportunities when they present themselves.”

Matt Carroll, Co-Founder and CEO at Immuta

CISOs will need to become the enablers – not the bottlenecks – of the modern data stack

“The rapid shift of data from on-premises to the cloud is spurring one of the greatest cybersecurity challenges to date. Despite most CISOs having a full arsenal of tools for protecting data in the cloud, the proliferation of cloud players such as Snowflake, Databricks, Google BigQuery, Amazon Redshift, and other cloud-based SaaS solutions has accelerated data sharing to a breaking point. Traditional approaches that worked for on-premises environments just can’t keep up with the exponential growth in the number of users, data sources, and policies that must be governed, managed, and secured in today’s environment. 

As a result, in 2023 we’ll see a major shift in data security architecture, forcing CISOs to roll up their sleeves and put controls into place around this budding “Modern Data Stack.” This will include proper access controls that effectively balance access and security, continuous monitoring of business intelligence, and data science activities for anomaly detection. At the same time, how we think about monitoring will have to change – zero trust won’t work using traditional approaches because there are too many endpoints. At the end of the day, monitoring within the modern data stack must evolve to keep pace with the speed of data.”

The rise of the data processing agreement (DPA)

“How organizations process data within on-premises systems has historically been a very controlled process that requires heavy engineering and security resources. However, using today’s SaaS data infrastructure, it’s never been easier to share and access data across departments, regions, and companies. With this in mind, and as a result of the increase in data localization/sovereignty laws, the rules as to how one accesses, processes, and reports on data use will need to be defined through contractual agreements – also known as data processing agreements (DPA). 

In 2023, we’ll see DPAs become a standard element of SaaS contracts and data sharing negotiations. How organizations handle these contracts will fundamentally change how they architect data infrastructure and will define the business value of the data. As a result, it will be in data leaders’ best interest to fully embrace DPAs in 2023 and beyond. These lengthy documents will be complex, but the digitization of DPAs and the involvement of legal teams will make them far easier to understand and implement.”

No-copy data exchanges will take hold

“In 2023, as data sharing continues to grow, and data and IT teams are strapped to keep up, no-copy data exchanges will become the new standard. As organizations productize their modern data stack, there will be an explosion in the size and number of data sets. Making copies before sharing just won’t be feasible anymore. In 2023, enterprises will flock to established platforms, like Snowflake’s Data Exchange and Databricks’ Delta Sharing protocol, to make it easier to securely share and monetize their data.”

Sophie Stalla-Bourdillon, Senior Privacy Counsel and Legal Engineer at Immuta

Getting access to data does not necessarily mean being in a position to derive useful insight

“In this data deluge, the successful organizations will be those who will be able to crack the data governance dilemma by leveraging both self-executing policies, such as access control and obfuscation, and auditing capabilities, with a view to reduce time to data. They will discard meaningless pre-approval workflows and federate data governance by making data owners the key players: data owners will be both domain experts and data stewards.”

Chris Gladwin, Co-Founder and CEO at Ocient

Hyperscale will become mainstream

“Data warehouse vendors are will develop new ways to build and expand systems and services. Some leading-edge IT organizations are now working with data sets that comprise billions and trillions of records. In 2023, we could even see data sets of a quadrillion rows in data-intensive industries such as adtech, telecommunications, and geospatial.  Hyperscale data sets will become more common as organizations leverage increasing data volumes in near real-time from operations, customers, and on-the-move devices and objects.”

Brian Spanswick, CISO at Cohesity

Security, data management, and storage

“As we think about the data security, data management, and storage industries in 2023 two dominant trends will be an increased focus on preventing and reducing the impact of cyberattacks such as ransomware. Market conditions and budgets will continue to be dynamic and will put greater emphasis on the need to adopt modern platform solutions, offering the most cost-effective and efficient strategies for data security and management.”

Data security

“Cybersecurity and data security will become even more important for organizations, resulting in the merge of data security, cyber security, and data management. The convergence of these three areas will be necessary to combat increasingly sophisticated cyber attacks such as ransomware. Leaders in these areas will partner and build AI-powered, integrated solutions providing customers with end-to-end security that helps prevent a breach.”

Brian Spanswick, CISO at Cohesity

Security, data management, and storage

“As we think about the data security, data management, and storage industries in 2023 two dominant trends will be an increased focus on preventing and reducing the impact of cyberattacks such as ransomware. Market conditions and budgets will continue to be dynamic and will put greater emphasis on the need to adopt modern platform solutions, offering the most cost-effective and efficient strategies for data security and management.”

Danny Sandwell, Senior Solutions Strategist at Quest Software

New data sovereignty laws will spur businesses to make data more visible and interoperable 

“We expect to see businesses take a more proactive role in creating their own data governance policies amid the current wave of regulatory action. The current global patchwork of data sovereignty and privacy laws has made it more complicated than ever for businesses to create consistent policies on data sharing, integration and compliance. This will continue to have a significant impact on organizations’ ability to maximize the use of data across their IT infrastructure, unless they put together clear plans for data integration and governance. In 2023, the passing of more data sovereignty and sharing laws will spur businesses to invest in getting visibility into their data and creating clear plans for sharing and integration across their IT landscape.”

Hillery Hunter, GM, Cloud Industry Platforms & Solutions; CTO at IBM Cloud

Preparing for evolving regulations and data sovereignty

“As organizations strive to meet the demands of today’s digital-first customers, they are modernizing at a faster rate than ever before. But at the same time, they need to balance innovation with growing regulatory requirements and data sovereignty laws. With regulatory requirements like DORA heating up across the globe, compliance will be top of mind for business leaders in the year ahead – and concerns will be even greater for those in highly regulated industries such as financial services and those handling client personal information. In fact, more than half of business and technology leaders believe ensuring compliance in the cloud has been too difficult according to a recent study by IBM. As the proliferation of cloud technologies gains more oversight from regulators and introduces emerging operating models for the industry like Sovereign Cloud, organizations will need to adopt technologies that allow them to drive innovation while adhering to growing requirements in 2023 and beyond.”

Protecting data as global ransomware threats grow

“As organizations strive to meet the need for instant gratification demanded by today’s digital-first customers, they also need to stay ahead of growing ransomware threats. While it’s important to ensure platforms and services are easy for customers to use, it’s even more critical to ensure they are impenetrable to bad actors that want access to sensitive financial data or wish to hold data ransom. In 2023, finding balance will be key as businesses –

especially those in highly regulated industries – modernize and strive to reduce 3rd and 4th party risk. As a result, we’ll see more organizations adopt business transformation strategies that are designed to handle their most mission-critical workloads and ensure data remains protected, especially through cybervault technologies.”

Giorgio Regni, CTO at Scality

Security will dominate IT buying criteria, including for data storage

“Supply chain issues and economic challenges will continue to impact storage projects in 2023 — the exception being those that can show tangible ROI on ransomware protection initiatives. This will present an opportunity for big data storage solutions with the intelligence to address current gaps in multi-level security, detection and data immutability for ransomware protection and fast business recoverability. Moreover, solutions that can provide AI-based anomaly-detection capabilities for detecting ransomware attacks will become more mainstream in the near future.”

Timothy Sherbak, Product Manager at Quantum

The future is in the past: let’s talk tape

“The use of tape for data retention will dramatically increase, reversing a decade-long downward trend. Organizations will re-invest in tape-based strategies to strengthen cybersecurity, reduce storage costs, and minimize energy expenditures. With data growing exponentially and the continued threat of cybercrime, 2023 will be the year of the return to tape. Rising power and cooling costs, and an increased ESG focus (environment, social, and corporate governance), will push enterprises away from the expense of spinning disk drives for long-term archiving. Tape continues its role as the most reliable, sustainable, secure, and low-cost storage media.”

NVMe leads the (new datacenter) way

“CTOs and CIOs have been aware of their power, cooling and data center usage–and the resulting expenses (the ‘E’ in those ESG reports). Simultaneously, they’ve been trying to cope with skyrocketing user demand while demonstrating less complexity, reduction in footprint, and fewer systems. As NVMe drives become widely available in higher capacities and lower costs, the C-suite reaps huge savings in data center footprint (up to 80%) and energy budgets (up to 70%), but also dramatically reduces the burden of administration and management by replacing multiple storage types with a single, hot NVMe-flash tier which archives to their choice of private or public cloud.”