Data Security – The Trends We Do Not See Coming

Uploaded on 2016-02-23 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Developments

With the emergence of the Internet of Things (IoT) and the continuous growth of cloud adoption among small businesses and large corporations, it is no wonder that the security industry is going through an unprecedented time of challenge and re-invention. But if we were to focus on data security alone, what would we recognize as the emerging trends and needs?

Cloudifying Security
This is an interesting paradigm. It is all about providing Security as a Service (SECaaS), which is essentially an outsourcing model for security management. The irony lies within the fact that SECaaS will use the cloud as a mainstream deployment platform, when part of its own reason of existence is to enhance the protection of…the cloud!

SECaaS has evolved from delivery of a security software (such as an anti-virus) on a Software as a Service (SaaS) model to security management provided in-house by an external organization. Generally, large security service providers integrate their products into a corporate infrastructure on a subscription basis, making security more cost effective to large corporations.

The growing trend in the SECaaS sector is for the provisioning of authentication and security event management services, which brings SECaaS a step closer to Security at the Core – the ultimate objective of security implementation.

The benefit of SECaaS, aside from traditional cost savings, speed of deployment and ease of scaling inherent to cloud products, is continuous protection, due to the constantly updated threat databases.

Emerging players such as Cloudbric, CloudFlare and Incapsula are now offering SECaaS free of charge, therefore, challenging existing major players like Avast. Business models may change in this market in the coming years, with more traditional players having to adapt to remain competitive.

This trend will consist in broadening the scope of SECaaS, while strategic alliances and possible acquisitions may occur in the process.

Improving Authentication …
A significant issue in data security is data hijacking, or compromising by usurpation of digital identity. The only solution to this problem is improving the accuracy of authentication.

Of course, authentication challenges open the door to biometric security. There is nothing more difficult to impersonate than a consistent set of biological footprints.

More and more players are becoming involved in these concepts. For example, fingerprint-based security systems are widespread in the physical world (building security, safes, cars, etc.) and in online-related items like smartphones. But will biometric security dominate? It is certainly trendy at the moment and will reduce costs as technology evolves and scales.

IoT may be a key enabler as well. It makes sense to secure connected objects with simple biometric identification, again as mobile phones do now, so the trend will most likely benefit from a noticeable uplift in the near future.

… To Provide the Right Authorisation
Authorisation is the step that comes when identification (‘I claim I am somebody’) and authentication (‘I managed to prove I am who I claimed to be’) have been successfully achieved. Authorisation is generally coupled with access control: what data can I access with the privileges associated to my profile?

Access control is a key aspect of data security. Practitioners have to balance data availability versus unauthorised data usage, knowing that hackers often target privileged users as their accounts provide a beachhead into the entire network.

In the near future, the challenge to solve this will relate to segmenting the data in such a way that it is actually useable by its consumers, while sufficiently compartmented to mitigate the risk of significant hacking. It will also be coupled with the necessity to achieve (or get close to) a state of ‘Positive Identification,’ which is notoriously difficult to achieve.

While the concept of ‘proving who you are claiming to be’ is quite simple, it requires a complex set of elements to be efficient and reliable. It starts with the definition of the evidence required. Is a photo or signature sufficient? Is a biometric component? Once defined, next comes the issue of gathering this information, especially for online systems. What proves that the passport, fingerprints and signature you present are actually yours?

This leads to the challenge of vetting the identification parameters provided. In the offline world, a study of the applicant can take months or years. Sources are cross-referenced, items are verified and testimonials are gathered. It is impractical to replicate this in the online world.

Finding a way to make it easier and faster, while maintaining the reliability of the concept is an interesting challenge and may well turn into an emerging trend.

Information-Management: http://bit.ly/1SMiFwx

« Women Write Better Computer Code Than Men
Why Aren’t Cyber Criminals Being Brought to Justice? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Silk Security

Silk Security

Silk is the first platform that enables enterprises to take a strategic, sustainable approach to resolving code, infrastructure and application risk.

Zyber 365 Group

Zyber 365 Group

Zyber 365 are providing a robust, decentralized, and cyber-secured operating system which adheres to the fundamental principles of environmental sustainability.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Sattrix Information Security

Sattrix Information Security

Sattrix Information Security understand the evolving threat landscape and provide businesses with comprehensive cybersecurity solutions.