In case you missed our press release on the Critical Data Security Trends for 2019, we’re sharing the list here on the blog for the ease of our readers. What’s on your priority list? We’d love to hear your feedback.
More Data, More Devices and More Regulations Mean New Approaches to Data Security are Needed.
This year’s trends highlight the challenges of protecting access to the increasing volume of sensitive data created and stored by businesses today.
“In 2018, we saw businesses continue the migration of their application workloads to the cloud, resulting in new security needs that arise when considering the “new normal” of a hybrid model that combines on-premise and cloud infrastructures,” said Gerry Gebel, vice president of business development at Axiomatics. “Developing now are the models and tools businesses need to protect sensitive digital assets at the micro level to ensure their reputation remains intact, satisfy compliance mandates, improve the customer experience, gain a competitive edge and protect valuable information.”
The trends expected to expand and grow in 2019 include:
Data Services Move to the Cloud
Businesses are embarking on more artificial intelligence (AI) and machine learning data projects, as the mass migration of data, applications, workflows and other business elements to the cloud continues. Cloud platforms like AWS and Microsoft Azure offer easier, affordable and more flexible data storage systems compared to traditional storage solutions like on-premise relational databases. It seems like a new data service (call it big data, data lake, etc.) emerges on a regular basis, offering new features or capabilities. It’s a priority to augment the basic security capabilities of the cloud platform and cloud data service providers.
Transitioning to DevSecOps
Businesses that develop software are using modern DevOps techniques to achieve faster time-to-market and continuously deliver new features at a rapid pace. Security professionals are using the best practices of the DevOps methodology to take an agile approach to security. By incorporating security into DevOps and transitioning to DevSecOps, companies can automate security processes, determine their internal best practices and securely bring new application services to production faster. Increasingly, we are seeing scenarios where legacy identity and security components are not compatible with this new DevSecOps model – security solutions must be adaptable or they will become an impediment to business outcomes, rather than being supportive of business initiatives.
Microservices and API Security
The trend toward utilizing microservices, service meshes and APIs continues apace. These new applications are frequently the channel for accessing sensitive or regulated data. In scenarios where fine-grained access is a must, we expect a growing number of enterprises to adopt a more comprehensive approach to access control by combining OAuth and Attribute Based Access Control models. We are seeing a growing number of cases where authorization as a microservice is a real business advantage, whether deployed independently or as a sidecar alongside your app’s microservice. This trend will expose many benefits, such as proper management and governance of access scopes, cleaner APIs that are not polluted with security logic and more agile development cycles when offloading security to an infrastructure service.
The Domino Effect of General Data Protection Regulation (GDPR) Compliance
The GDPR frenzy didn’t end in May 2018 when the regulation went into effect. Instead, there is uncertainty over how GDPR will be enforced as well as new regulations on the horizon in other parts of the globe. The newly signed United States, Mexico, Canada Agreement (USMCA) agreement (NAFTA 2.0), when ratified, will restrict data localization, enabling data to flow freely across borders, resulting in new data privacy concerns. In addition, Canada is introducing new data protection laws with GDPR’s standards in mind and California passed the Consumer Privacy Act of 2018 (AB375). These regulatory requirements drive organizations to implement new security controls that can protect consumer and citizens privacy through a context-sensitive and risk based access control model across the enterprise.
Enhancing Digital Business
The push toward digital transformation to create new digital experiences and modernize legacy development approaches to better serve customers is still a priority. As more industries see disruptive entrants, the speed of the development process must keep pace. Businesses are now busy trying to utilize, monetize and secure their digital data assets to serve their customers better.
Filling the IT Skills Gap
The IT skills gap is very real across the entire enterprise architecture. Whether it is data management tools or Identity and Access Management (IAM) tools, it is critical for IT leadership to invest in the training required to ensure employees understand how to leverage a variety of modern technologies to gain a competitive advantage. IAM tools are one good example. Leveraging disparate IAM tools requires different sets of skill and expertise for each tool. Users need training to master all of these tools to ensure data isn’t accessed by unauthorized users. Organizations like IDPRo are addressing this need head-on, to help lead the way for the next generation of digital identity professionals on a global basis.
Controlling Access to IoT Data
IoT is responsible for driving the biggest quantity of data into data lakes for businesses to analyze and leverage for analytics. With so much data at stake, companies must control who can and cannot access that data. To help protect the data that IoT devices are generating, businesses require finer-grained access control to protect data lakes as IoT data flows in.
“As more data is generated through IoT devices and moved to the cloud, it becomes increasingly important to share that data securely across an enterprise to generate analytical insights,” said Pablo Giambiagi, vice president of strategic research at Axiomatics. “As a result, businesses are in search of modern tools and approaches to stave off unauthorized access to data and mitigate their chances of a data breach in 2019.”