Data Security – The Trends We Do Not See Coming

Uploaded on 2016-02-23 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Developments

With the emergence of the Internet of Things (IoT) and the continuous growth of cloud adoption among small businesses and large corporations, it is no wonder that the security industry is going through an unprecedented time of challenge and re-invention. But if we were to focus on data security alone, what would we recognize as the emerging trends and needs?

Cloudifying Security
This is an interesting paradigm. It is all about providing Security as a Service (SECaaS), which is essentially an outsourcing model for security management. The irony lies within the fact that SECaaS will use the cloud as a mainstream deployment platform, when part of its own reason of existence is to enhance the protection of…the cloud!

SECaaS has evolved from delivery of a security software (such as an anti-virus) on a Software as a Service (SaaS) model to security management provided in-house by an external organization. Generally, large security service providers integrate their products into a corporate infrastructure on a subscription basis, making security more cost effective to large corporations.

The growing trend in the SECaaS sector is for the provisioning of authentication and security event management services, which brings SECaaS a step closer to Security at the Core – the ultimate objective of security implementation.

The benefit of SECaaS, aside from traditional cost savings, speed of deployment and ease of scaling inherent to cloud products, is continuous protection, due to the constantly updated threat databases.

Emerging players such as Cloudbric, CloudFlare and Incapsula are now offering SECaaS free of charge, therefore, challenging existing major players like Avast. Business models may change in this market in the coming years, with more traditional players having to adapt to remain competitive.

This trend will consist in broadening the scope of SECaaS, while strategic alliances and possible acquisitions may occur in the process.

Improving Authentication …
A significant issue in data security is data hijacking, or compromising by usurpation of digital identity. The only solution to this problem is improving the accuracy of authentication.

Of course, authentication challenges open the door to biometric security. There is nothing more difficult to impersonate than a consistent set of biological footprints.

More and more players are becoming involved in these concepts. For example, fingerprint-based security systems are widespread in the physical world (building security, safes, cars, etc.) and in online-related items like smartphones. But will biometric security dominate? It is certainly trendy at the moment and will reduce costs as technology evolves and scales.

IoT may be a key enabler as well. It makes sense to secure connected objects with simple biometric identification, again as mobile phones do now, so the trend will most likely benefit from a noticeable uplift in the near future.

… To Provide the Right Authorisation
Authorisation is the step that comes when identification (‘I claim I am somebody’) and authentication (‘I managed to prove I am who I claimed to be’) have been successfully achieved. Authorisation is generally coupled with access control: what data can I access with the privileges associated to my profile?

Access control is a key aspect of data security. Practitioners have to balance data availability versus unauthorised data usage, knowing that hackers often target privileged users as their accounts provide a beachhead into the entire network.

In the near future, the challenge to solve this will relate to segmenting the data in such a way that it is actually useable by its consumers, while sufficiently compartmented to mitigate the risk of significant hacking. It will also be coupled with the necessity to achieve (or get close to) a state of ‘Positive Identification,’ which is notoriously difficult to achieve.

While the concept of ‘proving who you are claiming to be’ is quite simple, it requires a complex set of elements to be efficient and reliable. It starts with the definition of the evidence required. Is a photo or signature sufficient? Is a biometric component? Once defined, next comes the issue of gathering this information, especially for online systems. What proves that the passport, fingerprints and signature you present are actually yours?

This leads to the challenge of vetting the identification parameters provided. In the offline world, a study of the applicant can take months or years. Sources are cross-referenced, items are verified and testimonials are gathered. It is impractical to replicate this in the online world.

Finding a way to make it easier and faster, while maintaining the reliability of the concept is an interesting challenge and may well turn into an emerging trend.

Information-Management: http://bit.ly/1SMiFwx

« Women Write Better Computer Code Than Men
Why Aren’t Cyber Criminals Being Brought to Justice? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

Seavus Accelerator

Seavus Accelerator

Seavus Accelerator's goal is to create an enabling and stimulating environment for start-ups growth and provide continuous high quality acceleration and investment support.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

Advantage

Advantage

Advantage exists to provide peace of mind in an evolving technology reliant world. We were created by visionaries who for nearly 4-decades have been passionate about providing world-class solutions.

ALSCO

ALSCO

ALSCO is dedicated to bringing first class IT services, technical support, and solutions to goverment, companies and organizations worldwide.

Velum Labs

Velum Labs

Velum Labs is a cyber intelligence company that provides simple and non-intrusive, cloud and cyber intelligence solutions; built from a market-leading understanding of cyber-attack methodology.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.