Data Security – The Trends We Do Not See Coming

Uploaded on 2016-02-23 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Developments

With the emergence of the Internet of Things (IoT) and the continuous growth of cloud adoption among small businesses and large corporations, it is no wonder that the security industry is going through an unprecedented time of challenge and re-invention. But if we were to focus on data security alone, what would we recognize as the emerging trends and needs?

Cloudifying Security
This is an interesting paradigm. It is all about providing Security as a Service (SECaaS), which is essentially an outsourcing model for security management. The irony lies within the fact that SECaaS will use the cloud as a mainstream deployment platform, when part of its own reason of existence is to enhance the protection of…the cloud!

SECaaS has evolved from delivery of a security software (such as an anti-virus) on a Software as a Service (SaaS) model to security management provided in-house by an external organization. Generally, large security service providers integrate their products into a corporate infrastructure on a subscription basis, making security more cost effective to large corporations.

The growing trend in the SECaaS sector is for the provisioning of authentication and security event management services, which brings SECaaS a step closer to Security at the Core – the ultimate objective of security implementation.

The benefit of SECaaS, aside from traditional cost savings, speed of deployment and ease of scaling inherent to cloud products, is continuous protection, due to the constantly updated threat databases.

Emerging players such as Cloudbric, CloudFlare and Incapsula are now offering SECaaS free of charge, therefore, challenging existing major players like Avast. Business models may change in this market in the coming years, with more traditional players having to adapt to remain competitive.

This trend will consist in broadening the scope of SECaaS, while strategic alliances and possible acquisitions may occur in the process.

Improving Authentication …
A significant issue in data security is data hijacking, or compromising by usurpation of digital identity. The only solution to this problem is improving the accuracy of authentication.

Of course, authentication challenges open the door to biometric security. There is nothing more difficult to impersonate than a consistent set of biological footprints.

More and more players are becoming involved in these concepts. For example, fingerprint-based security systems are widespread in the physical world (building security, safes, cars, etc.) and in online-related items like smartphones. But will biometric security dominate? It is certainly trendy at the moment and will reduce costs as technology evolves and scales.

IoT may be a key enabler as well. It makes sense to secure connected objects with simple biometric identification, again as mobile phones do now, so the trend will most likely benefit from a noticeable uplift in the near future.

… To Provide the Right Authorisation
Authorisation is the step that comes when identification (‘I claim I am somebody’) and authentication (‘I managed to prove I am who I claimed to be’) have been successfully achieved. Authorisation is generally coupled with access control: what data can I access with the privileges associated to my profile?

Access control is a key aspect of data security. Practitioners have to balance data availability versus unauthorised data usage, knowing that hackers often target privileged users as their accounts provide a beachhead into the entire network.

In the near future, the challenge to solve this will relate to segmenting the data in such a way that it is actually useable by its consumers, while sufficiently compartmented to mitigate the risk of significant hacking. It will also be coupled with the necessity to achieve (or get close to) a state of ‘Positive Identification,’ which is notoriously difficult to achieve.

While the concept of ‘proving who you are claiming to be’ is quite simple, it requires a complex set of elements to be efficient and reliable. It starts with the definition of the evidence required. Is a photo or signature sufficient? Is a biometric component? Once defined, next comes the issue of gathering this information, especially for online systems. What proves that the passport, fingerprints and signature you present are actually yours?

This leads to the challenge of vetting the identification parameters provided. In the offline world, a study of the applicant can take months or years. Sources are cross-referenced, items are verified and testimonials are gathered. It is impractical to replicate this in the online world.

Finding a way to make it easier and faster, while maintaining the reliability of the concept is an interesting challenge and may well turn into an emerging trend.

Information-Management: http://bit.ly/1SMiFwx

« Women Write Better Computer Code Than Men
Why Aren’t Cyber Criminals Being Brought to Justice? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Echoworx

Echoworx

Echoworx primary and exclusive focus is providing organizations with secure email services.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

SignalSEC

SignalSEC

SignalSEC provides vulnerability intelligence, malware analysis, penetration testing and associated training services.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

Rankiteo

Rankiteo

At Rankiteo, we are pioneers in cybersecurity risk management. Our mission is to empower organizations with the tools they need to assess, enhance, and safeguard their digital landscapes.