The future of data lies in owning it and securing it. But what can you do about it? The answer lies in complexity.
Data is the language of the 21st century, and like all languages, it can seem incoherent to those who cannot read it. And it has been misused to spread misinformation.
Data is currency, too. Its value has been undergoing inflation for a long time, and its counterfeit has become a problem. Stolen data means devastation.
Either it can mean corporate espionage and the loss of jobs, or, like the case of Alan Turing and the breaking of the Enigma, the winning of a great war. Data has shaped how history and technology have shaped themselves.
However, we are at a point where data has been sold as a panacea to all technological problems.
This has created a dissonance. Organizations are reeling from massive amounts of data, and they have no idea what to do with it. Whether to discard it or hoard it like Smaug from The Hobbit.
The Corporate Greed of Data
There’s a reason why aggregators, lead lists, and so much of the data you buy or hoard do nothing for you. Your CTO is wasting TBs of storage for disconnected, useless, or potentially malicious information sets.
But on goes the hoarding because what if you miss some data set and the prediction or information fails? This is why corporations have become data greedy.
And there is a lot of useless data; duplication is a massive global problem that no one is able to solve. And it’s just being tacked on- more data is generated, and its value increases, but so does the noise in datasets.
It’s a negative feedback loop. One that has affected every operation on a global scale. It has made everything more efficient. And that includes stealing vital information that could turn the tide of war or change the fate of an individual or organization.
And the machine churns on and on. But it has started failing. Privacy laws have become strict, and missteps cause organizations hefty fines. Especially under the GDPR laws, which will/become the global gold standard of data safety.
The breach of data
But malicious organizations and actors that want to harvest data have realized a few ways of bypassing the laws. Either they will use their platform, say e-commerce or social, to find out what the vendors are selling and implement their own solutions.
For example, let’s take an imaginary e-commerce organization called Calzone. It used vendors to prop up its business and bring in buyers. The vendors paid a fee to host their products on Calzone’s platform and sold their products. It was the best win-win scenario.
But soon, Calzone started to monitor user behavior and understood what the buyers wanted- and provided the solutions with precision targeting. This undercut vendor authority, as Calzone knew buyer behavior and could anticipate what they would do.
In this example, the organization knowingly behaved maliciously. But not only that, Calzone, in this imaginary scenario, had a streaming service called Calzone Time – it used its users’ data to show advertisements.
Even to those who were on their paid services.
This is why vendors and users need a layered approach. Something we will discuss in length.
But for now, those are the organizations. What about malicious actors? Things get tricky here. While organizations, even imaginary giant e-commerce ones like Calzone, are passively malicious. Always skirting some boundary. (not in all scenarios, though)
But malicious actors are active and perverse in nature. They want to destroy and harm. And they are getting your data.
And organizations and agencies take the fall because, obviously, they were the ones who needed to protect it in the first place.
A recent example is the npm attack called the Shai-Hulud (From Dune, yes!)
This was the second attack in a year that resulted in a digital supply chain breach.
This was the second attack in a year that resulted in a digital supply chain breach. And this is where the hoarding mentality fails. When you collect everything from everywhere, you increase your surface area for attack. Your CTO is trying to defend a perimeter that is expanding infinitely. It is impossible. You cannot secure a landfill.
This is why we need to move away from “Data Lakes,” which are really just “Data Swamps,” and move toward a structured, layered approach. This isn’t just a marketing strategy; it is a survival strategy for your IT infrastructure. By segregating data into four distinct layers, you reduce noise, ensure compliance, and most importantly, you stop the leak of trust.
This is the second attack in a year that resulted in a digital supply chain breach. And this is where the hoarding mentality fails. When you collect everything from everywhere, you increase your surface area for attack. Your CTO is trying to defend a perimeter that is expanding infinitely. It is impossible. You cannot secure a landfill.
This is why organizations need to move away from “Data Lakes” – which are really just “Data Swamps” – and move toward a structured, layered approach. This isn’t just a marketing strategy; it is a survival strategy for your IT infrastructure. IT complexity is the enemy of security. The more complex your data stack, the harder it is to spot the anomaly, the leak, or the breach. A layered approach works because it simplifies the governance model. You treat different data sets with different levels of scrutiny and trust. It filters out the garbage before it enters your supply chain.
The Layered Defense Against Data Entropy
We need to stop looking at data as a monolith. It needs to be segregated based on source, risk, and utility.
Layer 1: Zero-Party Data (The Truth)
This is the data your customers give you explicitly. They tell you what they want. “I am a CFO, and I am interested in risk management.” This is the gold standard. It is compliant by design because the user volunteered it. From an IT perspective, this data is the safest. It doesn’t require complex scraping scripts or third-party cookies that get blocked by browsers. It is clean input. Stop guessing what they want based on a mouse hover. Just ask them. It reduces the computational load of prediction models and gives you the absolute truth.
Layer 2: First-Party Data (The Home Turf)
This is behavioral data collected on your own infrastructure. The clicks, the downloads, the webinar attendance. You own the pipes. You own the servers. This is where you bridge the engineering gap. Since you control the collection method, you can ensure the security protocols are in place. But be careful here. Just because you can track everything doesn’t mean you should. Hoarding behavioral data leads to the same “noise” problem we discussed earlier. Focus on intent signals, not just vanity metrics.
Layer 3: Second-Party Data (The Handshake)
This is where the digital supply chain comes into play. Second-party data is essentially someone else’s First-Party data that they share with you. Think of a partnership between a neo-bank and an insurance firm. But this is where the leak usually happens. If you accept data from a partner, you inherit their security posture. If they have a weak supply chain, you now have a weak supply chain. You must treat this data with extreme caution. Audit their processes. Demand their SBOM. If they cannot prove their data hygiene, do not ingest their data. It is better to have less data than infected data. A bad vendor can mean the doom of an organization.
Layer 4: Trusted Third-Party Data (The Intelligence)
Notice the word “Trusted.” This is not buying a lead list from a sketchy vendor who scraped LinkedIn in 2019. This is intent data, ABM data, and verified market intelligence. This is where you pay for clarity. But the challenge here is verification. As we saw with the Calzone example, big aggregators can turn on you. You need to diversify your sources. Do not rely on a single “Calzone” for your market view. Use third-party data to validate your internal hypothesis, not to replace it.
The IT Advantage of Layering
Why does this work? Because it solves the “Smaug” problem. Instead of sitting on a mountain of unorganized gold – and trash – you are organizing your assets.
- Reduced Storage Costs: You stop storing useless data. Your CTO stops wasting TBs of storage.
- Faster Processing: Your AI and prediction models run faster because the datasets are smaller and cleaner.
- Risk Mitigation: If a breach happens in Layer 4, it doesn’t necessarily compromise Layer 1. You have compartmentalized the risk.
Your business leaks when you try to drink from the firehose. The layered approach turns that firehose into a tap. You control the flow. You control the quality. And in a world where data can win wars or destroy reputations, control is the only thing that matters.
