A good chunk of my career was spent in banking — an industry that is generally wary of innovation and tech adoption, at least in part due to its highly regulated nature.
The tech industry, on the other hand, has spent the last two decades “moving fast and breaking things,” with few regulations standing in the way.
From my perspective at the crossroads via AvidXchange, neither model is ideal.
Over the past few years, banks have found a way to bridge the innovation gap, initiating partnerships with startups to access new technologies. Now, it’s tech’s turn to make a change.
With GDPR already in effect in Europe and the California Consumer Protection Privacy Act (CCPA) enforcement kicking off on New Year’s Day, data privacy and security were top-of-mind for technology companies in 2019.
For many, these regulations acted as a much-needed forcing function for re-evaluating data privacy and security practices, and analyzing company processes as a whole.
As a result, 2020 is shaping up to be more than just a fresh year or decade for tech. In many ways, it will be the start of an industry reset, and we’ll see that manifest in a number of ways in the year ahead.
The broad scope of new legislation will be narrowed in the courts
In the wake of an influx of high-profile data breaches and increased clarity among consumers about what some companies are actually doing with their data, the CCPA was created to ensure greater privacy rights for California residents.
But since it would be painfully inefficient to create an entirely new security framework for just a single state, the legislation, which will become law on January 1, 2020, has become the rule for businesses operating anywhere within the United States.
While the CCPA is a welcome step in the right direction towards giving American consumers the data privacy rights they deserve, its broad definition of what constitutes “personal information” (PI) that requires consent for collection and distribution will almost assuredly be problematic at the outset.
As a result, we will quickly see the first class-action lawsuit filed by consumers for inappropriate data collection under the law.
This will lead to the courts making decisions about what does and doesn’t apply, eventually setting precedent for legal oversight and compliance of the CCPA and future legislation.
Legacy APIs will finally get the attention they deserve as easy breach targets
Old APIs are among the most ignored aspects of any product when it comes to maintenance, which is particularly shocking when you consider that they also make for a great entry point for a hacker.
All APIs can be vulnerable to attack since they are designed to make data exchange easy, but those developed years ago using old code not equipped with the latest defensive capabilities can put a company’s data — and that of their users — at even greater risk.
Ask anyone working in engineering why they ignore the risks legacy APIs pose and they might tell you they can’t shut them down because customers still depend on them, or that no one currently at the company understands the code used to write them, so they can’t be fixed.
Both scenarios make it hard for companies to justify investing in fixing legacy APIs, particularly when there’s a fast-approaching deadline to have a new one ready.
But the more APIs, the larger the surface area for a breach. The combination of increased attention on data privacy and security and major enterprises in high-risk industries — like banking — adapting their use will place legacy APIs under a microscope in 2020.
Accordingly, after years of apathy and abandonment, we’ll finally see companies start to invest in deprecating or fixing their legacy APIs to shore up their systems.
Companies will pay down their tech debt
Tech debt is a fact of life at a fast-moving company and can be an indicator of strong product demand as engineers sprint to push new code out quickly.
But it’s important that companies maintain a healthy balance and not take on too much, as it can lead to performance and vulnerability issues down the line, both of which can eventually have adverse effects on revenues.
Throughout the past several years, many companies have left their tech-debt balance unchecked, and this is fast becoming an issue for both public and private market investors.
In 2020, we will start to see companies take a renewed interest in managing their tech debt and fixing the vulnerabilities that have emerged as a result of prior negligence.
Companies will begin 2020 with a fresh slate, looking at security through a different, more refined lens based on the experiences of the decade prior.
I am looking forward to seeing what the next 10 years have in store!