Data Security – The Trends We Do Not See Coming

With the emergence of the Internet of Things (IoT) and the continuous growth of cloud adoption among small businesses and large corporations, it is no wonder that the security industry is going through an unprecedented time of challenge and re-invention. But if we were to focus on data security alone, what would we recognize as the emerging trends and needs?

Cloudifying Security
This is an interesting paradigm. It is all about providing Security as a Service (SECaaS), which is essentially an outsourcing model for security management. The irony lies within the fact that SECaaS will use the cloud as a mainstream deployment platform, when part of its own reason of existence is to enhance the protection of…the cloud!

SECaaS has evolved from delivery of a security software (such as an anti-virus) on a Software as a Service (SaaS) model to security management provided in-house by an external organization. Generally, large security service providers integrate their products into a corporate infrastructure on a subscription basis, making security more cost effective to large corporations.

The growing trend in the SECaaS sector is for the provisioning of authentication and security event management services, which brings SECaaS a step closer to Security at the Core – the ultimate objective of security implementation.

The benefit of SECaaS, aside from traditional cost savings, speed of deployment and ease of scaling inherent to cloud products, is continuous protection, due to the constantly updated threat databases.

Emerging players such as Cloudbric, CloudFlare and Incapsula are now offering SECaaS free of charge, therefore, challenging existing major players like Avast. Business models may change in this market in the coming years, with more traditional players having to adapt to remain competitive.

This trend will consist in broadening the scope of SECaaS, while strategic alliances and possible acquisitions may occur in the process.

Improving Authentication …
A significant issue in data security is data hijacking, or compromising by usurpation of digital identity. The only solution to this problem is improving the accuracy of authentication.

Of course, authentication challenges open the door to biometric security. There is nothing more difficult to impersonate than a consistent set of biological footprints.

More and more players are becoming involved in these concepts. For example, fingerprint-based security systems are widespread in the physical world (building security, safes, cars, etc.) and in online-related items like smartphones. But will biometric security dominate? It is certainly trendy at the moment and will reduce costs as technology evolves and scales.

IoT may be a key enabler as well. It makes sense to secure connected objects with simple biometric identification, again as mobile phones do now, so the trend will most likely benefit from a noticeable uplift in the near future.

… To Provide the Right Authorisation
Authorisation is the step that comes when identification (‘I claim I am somebody’) and authentication (‘I managed to prove I am who I claimed to be’) have been successfully achieved. Authorisation is generally coupled with access control: what data can I access with the privileges associated to my profile?

Access control is a key aspect of data security. Practitioners have to balance data availability versus unauthorised data usage, knowing that hackers often target privileged users as their accounts provide a beachhead into the entire network.

In the near future, the challenge to solve this will relate to segmenting the data in such a way that it is actually useable by its consumers, while sufficiently compartmented to mitigate the risk of significant hacking. It will also be coupled with the necessity to achieve (or get close to) a state of ‘Positive Identification,’ which is notoriously difficult to achieve.

While the concept of ‘proving who you are claiming to be’ is quite simple, it requires a complex set of elements to be efficient and reliable. It starts with the definition of the evidence required. Is a photo or signature sufficient? Is a biometric component? Once defined, next comes the issue of gathering this information, especially for online systems. What proves that the passport, fingerprints and signature you present are actually yours?

This leads to the challenge of vetting the identification parameters provided. In the offline world, a study of the applicant can take months or years. Sources are cross-referenced, items are verified and testimonials are gathered. It is impractical to replicate this in the online world.

Finding a way to make it easier and faster, while maintaining the reliability of the concept is an interesting challenge and may well turn into an emerging trend.

Information-Management: http://bit.ly/1SMiFwx

« Women Write Better Computer Code Than Men
Why Aren’t Cyber Criminals Being Brought to Justice? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SafeUM Communications

SafeUM Communications

SafeUM Secure Messenger is an encrypted secure communications protection mechanism for instant messaging.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.