What are the most important trends in the IT Security industry in the year ahead? Some insights and new perspectives from eperi as we approach the new year.
There is no better time to review the past 12 months than as the year draws to an end. At the same time, this is the perfect moment to look to the future and think about the tasks and obstacles ahead. As the IT world was dominated by cybercrime, a sovereign cloud and data leaks in 2022, the new year brings new challenges for the industry. Experts are certain that we will see changes in cybersecurity in 2023. In our view, there are three key factors that will drive these changes:
1. OPTIMIZING MULTI-CLOUD MANAGEMENT THROUGH A DATA-CENTRAL SECURITY APPROACH
This is why the focus should lie on the security of the data!
For companies of all sizes and in almost all industries, migrating to the cloud is no longer just an emerging trend, but an inevitable decision. In the past, IT security requirements were defined by the storage of data on local servers. However, with the use of the cloud, this physical security barrier has largely disappeared. Companies must now develop strategies to ensure that data - often at the record level - is protected regardless of where it is stored or processed. They should not rely on their Cloud-Service-Provider (CSP) to keep their data secure. The shared responsibility model is a security and compliance framework that clearly defines the responsibilities of CSPs (e.g., Amazon Web Service, Microsoft Azure or Google Cloud Platform) and customers in securing all aspects of the cloud environment, including hardware, infrastructure, endpoints, data and operating systems, among others. Simply put, the model specifies which party is responsible for providing security for specific components. The Cloud-Service-Provider is responsible for defending and monitoring against security threats that attack the underlying Cloud-Infrastructure. Companies and organizations are obliged to protect the data and other assets stored in the cloud environment. Eric Ahlm, Senior Director Analyst at Gartner, also notes in a cybersecurity forecast for 2023 that "data-centric security is essential for data protection in today's world where data is always and anywhere available. In 2023, corporations must focus on overlaying their core security architecture with a data-centric view." In the future, more than ever, businesses will need a security approach that focuses on the security of data, rather than the security of networks, servers or applications.
2. ACHIEVING CLOUD COMPLIANCE THROUGH THE USE OF STATE-OF-THE-ART TECHNOLOGY
Cloud-Services from insecure third countries can already be used in a GDPR compliant manner today!
It is very likely that the events of the coming year will create more confusion in matters of data protection and data transfer, rather than finally bringing the long-awaited hope for clarity. Predictably, new drafts and revised policies governing EU-US data flows will only result in more lawsuits and appeals. The loss of the U.S. adequacy decision has revealed how difficult it is, in terms of data privacy, to interact with providers from countries that cannot guarantee a level of protection for personal data that is adapted to EU standards. This obstacle can be overcome already for years by companies complying with current state-of-the-art technology. The European Union Agency for Cybersecurity (ENISA) has defined the "State of the Art" together with the IT Security Association Germany (TeleTrusT). The published document on the "State of the Art" in IT security provides concrete advice and recommendations for action. For cloud-based data exchange (§ 3.2.11) and data storage in the cloud (§ 3.2.12), for example, it recommends an encryption gateway that allows full internally controlled data encryption and does not restrict important functions. Companies that protect their sensitive data with the help of an encryption gateway can use cloud applications from insecure third countries in a GDPR compliant manner. The data is stripped of its personal reference before it is stored in the cloud, so there are no restrictions on its use and storage in a Multi-Cloud environment. Companies can operate without restrictions regardless of the current legal situation and derive the greatest possible benefit from GDPR compliant data use.
3. DEFINING THE ENHANCEMENT OF CYBERSECURITY AS A CORPORATE GOAL
Why do we need to create space for cybersecurity in the corporate culture!
The corona pandemic has greatly accelerated the digitization of the working world. Many companies have introduced hybrid working models that initially only focused on securing end-user devices. It is now clear that the transition to site-independent working environments is linked to much higher data security requirements. Especially in times where cloud applications such as Microsoft Teams, Microsoft 365 and Salesforce have become an integral part of our everyday working life, companies need to find simple solutions that enable them to effectively secure their data in home-office environments as well. After all, the operational impact of security incidents can be severe - both for the company itself and for its customers. Every year, cyberattacks cause trillions of dollars in damage and can leave companies unable to act in a matter of minutes. In the past 12 months, factories, offices and branches have repeatedly been brought to a standstill as a result of advanced cyberattacks. Consequently the topic of cybersecurity must be addressed at board level and must be understood and pursued as a strategic corporate goal. Meeting the minimum level security and privacy required by law is not enough! The awareness must be raised in all parts of a company. IT solutions that are as safe and easy to use as possible can help increase acceptance. This way, for example, selective encryption can help to optimally protect sensitive data in a Multi-Cloud environment.
Soweit dieses Dokument juristische Erläuterungen und Ratgeber enthält, so stellen diese unverbindliche Informationen ohne jede Gewähr für Vollständigkeit und Richtigkeit dar. Es handelt sich insoweit nicht um Rechtsberatung und die Eperi GmbH erhebt auch keinesfalls den Anspruch eine solche darzustellen oder gar zu ersetzen.