With 2018 swiftly approaching, we take a look at what we think will be the top trends in cybersecurity and data privacy for the year ahead.
Next year is an incredibly important year for IT security and data protection. We’ve already seen the wheels put in motion in 2017 for stricter data and privacy regulations as well as cloud, quantum computing and open source coming into their own. And the year ahead will see these trends mature or reach fruition. Buckle up; 2018 is going to be an interesting ride! Here’s why:
Last Minute GDPR Compliance Scramble
GDPR is a topic we’ve covered extensively on this blog, because it is one of the biggest ever data regulations to hit industry. It is so important for any organization that collects data on EU citizens to fully align with its principles; and in fact, even if you’re an organization that doesn’t collect data on EU customers, it’s still good practice, in case you plan to in the future. The driving factor for companies to get in gear to become GDPR compliant by May 25th, 2018 is the potentially colossal fines that can be levied on any organization found not to be taking the protection of sensitive data seriously.
With recent studies pointing to a marked unpreparedness for GDPR, plenty of companies are sure to be scraping through right to the end. Organizations that act now can still prepare themselves in the final countdown to meeting compliance regulations.
Cloud-First IT Strategies
Cloud brings with it an array of business benefits, including reduced overheads, anywhere access, scalability and ease of use, to name a few. It’s no wonder that many companies are making the decision to dive head-first into cloud deployments and opt for cloud-first strategies. In 2018, this mentality will prevail in all aspects of business. Sometimes, however, it is necessary to slow down and give proper consideration to what it means for compliance, cloud security and data protection. Just because an organization is storing, using or processing data in the cloud does not relieve it of security responsibilities. In fact, if we revisit the European GDPR, it stipulates clearly that organizations themselves are the data controllers and therefore are responsible for their own data, no matter where it resides.
Organizations would stand themselves in good stead for a future-proof cloud-first strategy by adopting security controls that use encryption or tokenization to protect data before it goes to the cloud. Importantly, they should seek to gain sole control over all of their data protection processes and ensure that compliance with data protection guidelines is enforced internally at a central location.
Since its creation, quantum computing has been seen as a potential threat to IT security because it leverages quantum mechanics to do calculations, which could easily be used to break the advanced encryption methods that are in place today. A quantum revolution in the near future is entirely possible, and tomorrow’s hackers may finally have found a way to access our encrypted data. It won’t be cheap, but it is possible and coming, so we expect we’ll start hearing more about this serious threat and how it puts modern encryption techniques at risk as a defense method. A new tactic will be needed. eperi offers a quantum encryption solution for those high profile customers who might see quantum computing as a real risk.
There has long been a debate amongst cyber security boffins about which is more secure: proprietary code that relies on hiding secrets, or open source, which has many eyes constantly reviewing and updating it to scan for flaws. As we see more and more devices being compromised that rely on closed source code, open source is being recognized as a more secure option. Even the Pentagon is touting its use, pending approval of the legislation to permit it.
eperi welcomes this move and has used open source from the very beginning of its development to guarantee that there are no backdoors and give customers peace of mind.
Passwords are failing us. Yahoo is one such example from the past year, and it involved the compromise of 3 billion passwords. As the world comes to the realization that a single password used for authentication is no longer sufficient, we’ll see the rise of two-factor or multi-factor authentication. In the financial sector in particular, it is already being addressed with the PSD2 regulations that will make strong customer authentication a must.
Ultimately, what all this means is better security and privacy and hopefully fewer instances of data breaches for the year ahead, which is something we think we all can look forward to. Here’s to a more secure 2018!