An article by Gerry Gebel in www.itproportal.com, it originally appeared here.
Critical data security trends for 2019 and beyond
Enterprise security is rapidly evolving as new threats emerge every day. With more data, devices and regulations than ever before, securing access to the large volume of information created and stored is critical. The pace and competition of the marketplace also demands collaboration and information sharing. So, the challenge is to secure access, for the right users, at the right time and under the right conditions.
In 2018, businesses continued to migrate their application workloads to the cloud. What was revealed in the process is that existing access control technologies are not enough – and new technology is needed that can work within new normal of hybrid (both on-premise and cloud) infrastructures.
The technologies that shaped this past year will have major ramifications on how businesses protect sensitive digital assets in the future. So, let’s take an in-depth look into the trends we expect to shape the data security landscape next year.
Moving data services to the cloud
As the mass migration of data, applications, workflows and other business elements to the cloud continues, businesses are embarking on more artificial intelligence and machine learning data projects than ever before. New data services regularly emerge, offering new features and capabilities. Traditional data storage solutions, like on-premise relational databases, don’t provide the easy, affordable and flexible data storage that cloud platforms like AWS and Microsoft Azure do. As organisations take advantage of the benefits of cloud data storage platforms, they should also look to augment the basic security capabilities cloud platforms and cloud data service providers offer to ensure access control is not compromised in this migration.
The transition to DevSecOps
To achieve faster time-to-market and deliver new features rapidly, businesses are developing software using modern DevOps techniques. Security professionals have been inspired by the gains made with DevOps design, and are implementing these principles to take an active approach to security. Companies will automate security processes, determine their internal best practices and securely bring new application services to production faster by incorporating security into DevOps and transitioning to DevSecOps. We continue to see scenarios where legacy identity and security components are not adaptable to the new DevSecOps model. Security solutions that succeed are those that will begin to adhere to this new approach.
Securing microservices and APIs
The trend of using microservices, service meshes and APIs continue to rise. As these channels grow in deployment, fine-grained access control is needed to ensure sensitive or regulated data is protected. We see enterprises augmenting existing OAuth access control with Attribute Based Access Control. Expect to see cases where authorisation as a microservice is a significant business advantage, whether deployed alone or as a sidecar working alongside an app’s microservice. This trend will bring to light the proper management and governance of access scopes, cleaner APIs that are not polluted with security logic and more development cycles when offloading security to an infrastructure service.
General data protection regulation (GDPR) compliance is here to stay
When GDPR took effect, the frenzy didn’t end. There is now uncertainty over how GDPR will be enforced as well as the new regulations in the future in other parts of the world. When ratified, the newly signed United States, Mexico, Canada Agreement (USMCA) agreement (NAFTA 2.0), will restrict data localisation, enabling data flow freely across borders, resulting in new data privacy concerns. Canada is also introducing new data protection laws while thinking about GDPR’s standards. California passed the Consumer Privacy Act of 2018 (AB375). Because of these regulatory requirements, organisations are implementing new security controls through a context-sensitive and risk-based access control model across the entire enterprise to protect the privacy of both consumers and citizens. This helps ensure scalability and the ability to ensure the business maintains compliance enterprise-wide in step with the pace of regulatory change.
Improving digital business to enhance the customer experience
The push toward digital transformation to create new digital experiences is resulting in the modernisation of legacy development approaches to serve customers. The speed of the development process has to keep up as more industries see disruptive entrants. Businesses continue to utilise, monetise and secure their digital data assets to enhance the customer experience and at the same time see a growing need to protect these critical assets.
Narrowing the IT skills gap
Across the enterprise architecture, the IT skills gap is real. It’s critical for IT leadership to have the training required to ensure employees gain a competitive advantage by leveraging a variety of modern technologies. IAM tools are a great example. Leveraging IAM tools requires different sets of skill and expertise. To be sure data isn’t accessed by unauthorised users, they need training to master all of these tools. Organisations that address the skills gap immediately will help lead the way for the next generation of digital identity professionals on a global basis.
Controlling access to IoT data
IoT is responsible for driving the largest quantity of data into data lakes for businesses to analyse and leverage for analytics – but there are security risks associated with warehousing this raw data – especially for compliance considerations. Businesses now require finer-grained access control to protect the data that IoT devices are generating, but in a way that can manage the sheer volume that is generated. A policy-based approach such as dynamic authorisation, with built in masking, redacting and filtering, allows this data to be securely shared for analysis, but to not put the business – or the privacy of individuals – at risk.
Each year businesses are faced with new technologies that continue to complicate the IT infrastructure. Businesses must always be mitigating risk and staying abreast of new ways to decrease their chances of a data breach. As more organisations move their entire IT infrastructure to the cloud, they will need to extend the built-in security capabilities of their cloud platforms. Attribute Based Access Control must be every organisations first line of defence to improve digital business in the digital age.
Gerry Gebel, Vice President of Business Development, Axiomatics
Image source: Shutterstock/Carlos Amarillo