Tech predictions for 2019 continue

How IT departments will better prevent security woes in 2019

Oren Eini

2019 has only just begun – what will the year hold? Ring in the new year with tech predictions from the experts. Today, Oren Eini, CEO and founder of Hibernating Rhinos, shares some predictions about how IT departments will prevent cybersecurity problems in 2019.

It’s no secret that 2018 was a tough year for IT and security professionals. Looking back, it seems like there was at least one major breach or data leak every single day. As a matter of fact, there have been more than 1,030 incidents exposing users’ data in the U.S. just this year.

At the heart of many of these security incidents were the databases. There are a number of open “gateways” in today’s database environments that are created through poor security policies and protocols, opening organizations up to potentially malicious activity. As we begin 2019, it’s important to reflect on the many breaches over the last 12 months and identify what went wrong.

Below are three predictions about how IT departments will better prevent security woes in 2019.

Database managers gain greater security responsibilities.   

For database managers, one of their biggest struggles when dealing with security issues has been wrangling and protecting unstructured data. Thanks to the growing adoption of IoT devices within the enterprise, databases are being bombarded with the alarming growth of unstructured data. Today, most businesses simply do not have the means to corral, analyze and secure it all in a timely manner.

And unfortunately, it looks like it is only going to get worse.

According to one analyst report, the number of IoT devices is expected to grow 12 percent annually across the globe. These smart, connected tools produce new types of data that weren’t even on our radar when we bought our database infrastructure a decade or so ago, and it’s nearly impossible to handle it all. They’ve introduced new cybersecurity threats that are more difficult to detect, remediate and prevent. In the last few years, unstructured data has become easy for even the most novice hackers to find and encrypt in malicious activity like ransomware.

Tech tip: My best piece of advice? Slow down in 2019 and make sure you’re checking all the right boxes on your list. It may seem obvious, but many database managers are moving so fast that they often fail to implement simple protections, like not allowing an application to release data to the public unless it is secured. In my conversations with others across the industry, it’s alarming how many developers have disabled locks during the development process and forgotten to enable them again after going into production.


Compliance demands become a top priority.

In the wake of these massive data breaches, the pressure is on for businesses to appropriately identify, disclose and resolve any potential security or privacy issues to better protect consumers. Just this year, we saw the official rollout of the General Data Protection Regulation (GDPR) in the EU, which penalizes businesses that fail to protect their customers’ data.

All across the globe, experts anticipate that their own countries will soon see a similar set of guidelines. Even in the U.S., there have been whispers of a potential consumer privacy protection policy. With the threat of $10 million (or up to two percent of a business’ entire global turnover) in fines for failing to comply with the regulations, database managers must be laser-focused on better protecting their data and being able to answer the five Ws: What is the data? Where is it going and where has it been? Who is accessing it? When was it last accessed? Why was it moved/accessed?

Tech tip: Event processing within the database is a big undertaking, but necessary to keep a pulse on each of the Ws. Managers should look to implement Extract, Transform and Load (ETL) functions to ensure data isn’t moved from one database to another without the appropriate approvals. Without having this track record, it is nearly impossible to ensure data is compliant at all times – and that you won’t get fined.
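One way to check the five Ws and transfer approvals over an audit trail, as an added example that is not part of the original article. The event fields, the approved-route list and the sample records are all constructed assumptions, not the schema of any particular database.

```python
from datetime import datetime

# The five Ws from the article, mapped to fields of a hypothetical audit event.
# "Where" is checked on the destination; the source is part of the route check.
FIVE_WS = {"what": "dataset", "where": "destination", "who": "actor",
           "when": "timestamp", "why": "reason"}

# Constructed sample: approved (dataset, source, destination) transfers.
APPROVED = {("customers", "prod-db", "warehouse")}

# Constructed sample audit events for ETL jobs and ad-hoc exports.
EVENTS = [
    {"dataset": "customers", "source": "prod-db", "destination": "warehouse",
     "actor": "etl-nightly", "timestamp": "2019-01-07T02:00:00",
     "reason": "reporting load"},
    {"dataset": "customers", "source": "prod-db", "destination": "dev-laptop",
     "actor": "jdoe", "timestamp": "2019-01-07T14:12:00", "reason": "debugging"},
    {"dataset": "orders", "source": "prod-db", "destination": "warehouse",
     "actor": "etl-nightly", "timestamp": "2019-01-08T02:00:00", "reason": ""},
]

def review_event(event, approved=APPROVED):
    """Return findings for one data-movement event (empty list = clean)."""
    findings = []
    for w, field in FIVE_WS.items():
        if not str(event.get(field, "")).strip():
            findings.append(f"missing {w} ({field})")
    route = (event.get("dataset"), event.get("source"), event.get("destination"))
    if route not in approved:
        findings.append("unapproved transfer")
    return findings

def audit(events, approved=APPROVED):
    """Map event index -> findings for every event that needs follow-up."""
    report = {}
    for i, event in enumerate(events):
        findings = review_event(event, approved)
        if findings:
            report[i] = findings
    return report

def last_access(events, dataset):
    """Answer 'who accessed it last, and when?' for one dataset."""
    hits = [e for e in events if e.get("dataset") == dataset and e.get("timestamp")]
    if not hits:
        return None
    latest = max(hits, key=lambda e: datetime.fromisoformat(e["timestamp"]))
    return latest["actor"], latest["timestamp"]
```
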

Artificial intelligence (AI) and machine learning (ML) come back down to earth. 

It’s safe to say that AI and ML were the *hot* topics of the year. As tech professionals everywhere have boasted about their potential use cases to completely automate all sorts of functions throughout the enterprise, like customer service and software development, organizations everywhere have jumped on the bandwagon, albeit a bit too immaturely.


For cybersecurity and compliance business needs, AI and ML have been overhyped. Today, AI products in the cybersecurity world are often built on one “master” algorithm. With just that one algorithm to catch an attempted attack on a particular database, there are plenty of opportunities for an attacker to re-strategize their tactics to make their way around that specific algorithm. For reasons such as these, expect to see AI and ML play less of a role in the organization in the new year. In the meantime, database managers will come back down to earth, giving the technologies more of an analyst role to assist database teams.

Tech tip: Use AI and ML for tasks where there isn’t much room for discretion – really anything that requires minimal thinking. Even for situations where there are limited choices, a qualified algorithm can handle the task. However, for decisions where you need to make significant judgment calls, or where there may be some gray areas, it’s better to stick with good old-fashioned human ingenuity.  

Author

Oren Eini

Oren Eini, CEO and founder of Hibernating Rhinos, has more than 20 years of experience in the development world with a strong focus on the Microsoft and .NET ecosystem. Recognized as one of Microsoft’s Most Valuable Professionals since 2007, Oren is also the author of “DSLs in Boo: Domain Specific Languages in .NET.” He frequently speaks at industry conferences such as DevTeach, JAOO, QCon, Oredev, NDC, Yow! and Progressive.NET. An avid blogger, he can also be found under his pseudonym, Ayende Rahien.