Predictions for the new year: Crucial data security trends and challenges for 2019
2019 has only just begun – what will the year hold? Ring in the new year with tech predictions from the experts. Today, Pablo Giambiagi, Vice President of Strategic Research at Axiomatics dives into the trends and challenges for data security in 2019.
With more data, devices and regulations than ever before, protecting access to the large volume of sensitive data created and stored by businesses today is more critical than ever. Businesses now require modern, more advanced approaches to securing data and critical assets.
Data security is always evolving, as new technologies develop and more security threats emerge. In 2018, businesses continued migrating their application workloads to the cloud, resulting in new security needs as organizations are forced to balance a hybrid model that combines on-premise and cloud infrastructures.
As 2019 begins, we reflect on the past year to help guide our future outlook of what’s next in the data security industry. These technologies have major ramifications on how enterprises protect sensitive digital assets to ensure regulatory compliance, enhance the customer experience and gain a competitive advantage.
Let’s dive into the trends and challenges poised for growth in 2019.
Data service migration to the cloud
Businesses are launching more artificial intelligence (AI) and machine learning data projects, as they the migrate all their data, applications, workflows and other business elements to the cloud. Cloud platforms like AWS and Microsoft Azure offer easier, more affordable and agile data storage systems compared to traditional storage solutions like on-premise relational databases. As new data services arise on a regular basis, with new features and capabilities, businesses must strengthen the basic security capabilities of the cloud platform and cloud data service providers.
Transitioning from DevOps to DevSecOps
Businesses that develop software are using modern DevOps techniques to achieve faster time-to-market and continuously deliver new features at a rapid pace. By incorporating security into DevOps and transitioning to DevSecOps, businesses can automate security processes, determine their internal best practices and securely bring new application services to market fast. However, legacy identity and security components aren’t always compatible with this new DevSecOps model. Security solutions must adapt or they will become a barrier to business.
Utilizing microservices and API security
Microservices, service meshes and APIs are frequently the channel for accessing sensitive or regulated data. In scenarios where fine-grained access is a must, enterprises will adopt a more comprehensive approach to access control by combining OAuth and Attribute Based Access Control models. Authorization as a microservice is a real business advantage, whether deployed independently or alongside an app’s microservice. This trend will expose many benefits, such as proper management and governance of access scopes, cleaner APIs that are not polluted with security logic and more agile development cycles when offloading security to an infrastructure service.
General Data Protection Regulation (GDPR) and other regulations
The hype around GDPR didn’t end in May when the new regulation went into effect. There is now uncertainty over how organizations are enforcing GDPR as well as new regulations popping up in other parts of the world. The newly signed United States, Mexico, Canada Agreement (USMCA) agreement (NAFTA 2.0), when ratified, will restrict data localization, enabling data to flow freely across borders, resulting in new data privacy concerns. Canada is also introducing new data protection laws with GDPR in mind and California passed the Consumer Privacy Act of 2018 (AB375). These regulatory rules drive organizations to implement new security controls that protect information through a context-sensitive and risk-based access control model across the enterprise.
Improving digital business
The move toward digital transformation to create modern digital experiences to serve customers better is still a priority for businesses. As more industries see disruptive entrants, the speed of the development process must keep pace. Businesses are now busy trying to leverage, monetize and secure their digital information to enhance the customer experience.
Narrowing the IT skills gap
IT tools are typically highly technical and require specific expertise to use, resulting in an IT skills gap across the entire enterprise architecture. Whether it is data management tools or Identity and Access Management (IAM) tools, it is crucial for IT leadership to invest in the training required to ensure employees understand how to utilize various modern technologies to gain a competitive advantage. IAM tools are a good example. Leveraging disparate IAM tools require different sets of skills for each tool. Users require training to learn IAM tools to make sure they have the skills to address all parts of the discipline – from identity to access and authorization.
Regulating access to IoT data
IoT is responsible for driving a massive quantity of data into data lakes for businesses to analyze and use for analytical insights. With so much sensitive data at stake, companies must control who can and cannot access that data. To help protect the data that IoT devices create, finer-grained access control needs to be applied to data lakes as IoT data continues to flow in.
Modern technologies will always bring new threats to businesses across every industry. As more data is generated through IoT devices, it becomes increasingly difficult to securely share. As more organizations shift their IT infrastructure to the cloud, they need to extend the out-of-the-box security capabilities of the cloud platforms. To improve digital business, implementing enterprise-wise dynamic authorization with an Attribute Based Access Control model must be every organizations’ first line of defense.