How 'internet fracturing' is challenging enterprise growth [Q&A]
We tend to think of the internet as being something that's the same all over the world, but with nations like China, India and Russia increasingly closing off the wider web to their citizens, is the global nature of the internet under threat?
We spoke to Ruoting Sun, VP of Product at Secureframe, about the phenomenon of 'internet fracturing' and what it means for businesses.
BN: What is internet fracturing?
RS: Right now, several countries effectively have their own internets that adhere to their own digital laws around data privacy and security; this creates a splintering of a global internet. This is what we call internet fracturing. This idea first emerged with China's implementation of the Great Firewall in an attempt to control information coming in and out of the country. Other countries gradually followed suit, aiming to operate independently from the rest of the world for a variety of social and political reasons.
With today's different versions of data privacy laws in the EU and Canada, and even the US -- with state-specific laws like CPRA -- compliance has become increasingly difficult for organizations to properly maintain.
We're seeing more and more enterprises struggle to grow on a global scale given the money, time and effort now allotted to navigating regional regulatory obligations, data security measures, employee training, and staying up-to-date with evolving data privacy laws.
While public cloud infrastructure providers such as AWS, Azure, and GCP enable enterprises to scale efficiently, they actually exacerbate this problem by further driving platform centralization and making it more difficult for companies to reconcile regional differences in data privacy and security.
BN: Is the decentralized nature of the web under threat?
RS: It depends on where in the stack you are talking about decentralization. If we are talking about workloads and applications, things are more decentralized than ever, and there's no reason to think this won't continue. It has never been easier to build and launch web applications; rich APIs allow for data to easily traverse between different applications, which in turn create new use cases and thus new opportunities. In that sense, the explosion of big data and enterprise SaaS has been a self-reinforcing and virtuous cycle.
If we are talking about the web from a platform and infrastructure perspective, we've actually been on the path towards centralization for quite some time. Again, public cloud providers have made it incredibly easy to build and launch new products and services, and thus new companies, with minimal upfront investment in infrastructure. However, there are only a handful of these major providers (AWS, Azure, GCP, Alibaba) and the vast majority of internet workloads now reside on these platforms. In that sense, the internet has actually never been more centralized. With that platform centralization comes the benefit of massive economies of scale, but it also presents challenges when dealing with a fractured internet.
As more businesses operate on a global scale, they're introduced to additional challenges around meeting regional compliance obligations. The repercussions of failing these compliance obligations often mean those businesses are locked out from those markets, which means slower growth for those companies. We don't yet have the geopolitical appetite or apparatus to help global companies adhere to a decentralized set of rules on a relatively centralized internet.
BN: Why are national laws inadequate to protect the global nature of the internet?
RS: Fundamentally, this comes down to the fact that 'national' laws are rooted in physical boundaries that mean very little when applied to a globally-connected, digital realm.
Current attempts to enforce these laws draw some kind of 'boundary' of applicable enforcement: nationality of the individual, location of the customer, location where the provider operates, location of the transaction, location of the server where the data resides, and so on. I don't think any of these frameworks really work for enforcing these laws at scale. Too much is left open to interpretation, including, and most problematically, jurisdiction. This diversity also makes it difficult to create a universal framework that accommodates the various perspectives and requirements of different nations. And when the time comes for different countries and jurisdictions to come together and address global internet issues, these political, economic, and diplomatic factors can hinder effective cooperation.
The rapid nature of technological advancements also makes it challenging to keep up, and the internet is no exception. AI is certainly a step-function change in all of this as countries rush to better understand what it means for the digital well-being of their citizens. New technologies and platforms often outpace the development of regulatory frameworks, and governments are struggling to keep up with the pace of innovation and update their laws accordingly.
BN: What problems do businesses that trade across national boundaries face?
RS: As the single global internet becomes splintered, security and privacy differences will become increasingly burdensome to companies looking to grow through globalization. An increasing array of regional data protection regulations will undoubtedly pose challenges for global companies to achieve compliance.
We can expect significant growth and variation in security and privacy compliance standards at regional levels. This will significantly impact Governance, Risk and Compliance teams in enterprises. These teams must find ways to become enablers of growth for their businesses, rather than allowing regulatory obligations to become blockers to growth.
BN: How can automation help enterprises deal with different regulatory regimes?
RS: As companies look to continue operating in several international markets, they should lean on automation platforms to streamline as much of the security and compliance process as they can, especially many of the manual, time-consuming aspects such as control health monitoring, control evidence collection, and compliance data management. Because much of IT and security tooling is cloud-based and has robust APIs for data exchange, it's possible to simplify and automate many of these laborious tasks. Compliance automation platforms reduce the overall burden of maintaining adherence to different regulatory obligations and ensure organizations are up-to-date on information security and privacy standards and requirements, allowing GRC functions to be an enabler for growth.