Digital Edition

SYS-CON.TV
Five Key IT Security Issues for the Next Two Years
Service providers, given the nature of their business, are a prime “aggregation” for all types of sensitive/valuable data

Last month, the Information Security Forum released their annual prediction of the top 10 information security threats they foresee for the next two years - through 2016. While I found the entire list insightful, half of the list resonated strongly with me as someone who is working with large enterprises as they wrestle with security and compliance challenges as they embark on cloud adoption. I believe this group of five predictions is particularly relevant for anyone utilizing the cloud over the next two years and I've added a few of my own thoughts on each.

1. Service Providers Become a Key Vulnerability
I find this first prediction especially valid and timely because of some recent headlines. Service providers, given the nature of their business, are a prime "aggregation" for all types of sensitive/valuable data. Cyber criminals and hackers realize this, which puts a big target on the backs of service providers. Think about it - a successful breach equals a treasure trove of coveted information from potentially multiple tenants. And the reality is that service providers acting as a central storage point for large amounts of sensitive data will continue to increase over the next two years, so the prize will only become richer. In response and in preparation, enterprises need to takes steps to protect their most sensitive and important data and decide which data they truly need to send to public cloud service providers.

2. Mobile Apps Become the Main Route for Compromise
Mobile apps, deployed on bring your own device (BYOD) technologies (tablets, cell phones, etc.) make it extremely difficult for IT departments to control where and how their sensitive data is accessed and by whom. BYOD means many heavily used employee devices will be actively in use and the reality is that this equipment does not have the same security in place as corporate owned devices. This, when combined with the proliferation of cloud applications (used for both personal and business), creates a perfect storm for compromising corporate data. Because of this scenario, IT and security should deploy security techniques that treat subsets of their data differently, with different levels of restriction and more security for the most sensitive data and Intellectual Property.

3. Encryption Fails
This is a very broad and provocative statement, as encryption use is increasing in the marketplace and many enterprises are becoming dependent on it for some of their data security needs. If someone asked me if this statement is true - Will encryption fail? - I would have to say that - Yes, some encryption will fail. That's because not all encryption is created equal. Enterprises need to understand that some encryption is much stronger than others; there are differences in how the technology is deployed. At Perspecsys, we allow customers to deploy the most secure, FIPS 140-2 validated encryption techniques. We also have the enterprise maintain physical ownership of the encryption keys. Both of these points are critical for successful deployment. And we support tokenization, another security method that many in the industry find has unique strengths when compared to encryption. (More information on tokenization is available here on our website.)

4. The CEO Gets It, Now You Have to Deliver
We are now hearing that cloud security is a board-level issue, so I agree that the CEO must "get it" since the CEO reports into this group. We are now starting to see generous budgets being allocated for cloud protection and security projects and IT and security teams have more resources than in the past to help combat operational risks to the business. It's now up to the IT and security teams to find the best technology and solutions for their enterprise's unique needs.

5. Information Security Fails to Work with New Generations
This is perhaps the most critically important observation. Clearly security solutions that interfere or inhibit with the way workers need to engage with the cloud will be unsuccessful. Why? Well, because employees will always find a way to work around them. Or, in a perhaps another scenario, there will be end-user pushback and operational issues that will land in the lap of IT and Security teams, creating organizational divisiveness (e.g., "those guys are stopping me from being able to do my job") and a significant productivity hit. This is why we have done a tremendous amount of original research to figure out ways in our cloud data control gateway to remain transparent/invisible to end users, meaning they can utilize cloud applications as needed and still perform functions such as search/sort on data, even when data has been tokenized or encrypted.

I commend the authors of the piece for their predictions and foreword looking insights that will help provoke the right conversations among many enterprise IT and Security teams. It sounds like the Information Security Forum is talking to some of the same people that we talk to and undoubtedly their predictions will help organizations think about how to improve and solidify their corporate IT and Security policies over the next couple years.

Read the original blog entry...


Perspecsys Inc. is a leading provider of cloud data tokenization and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like Perspecsys remove the technical, legal and financial risks of placing sensitive company data in the cloud. Perspecsys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit perspecsys.com or follow on Twitter @perspecsys.

About David Canellos
David Canellos is a security veteran who is now President and CEO of PerspecSys. An entrepreneur specializing in bringing innovative security and privacy solutions to market, he has been instrumental in establishing PerspecSys as the leader in the Cloud data Protection Gateway market.

Before joining PerspecSys, David held executive positions at Irdeto Worldwide, which acquired the company he led, Cloakware, which was a pioneer in encryption and digital rights management. Before joining Cloakware, he was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company’s revenue and operations in the Americas. Prior to his work with Cramer, David held a variety of executive, sales management and business development positions with the Oracle Corporation, Versatility and SAIC.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know ...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every ...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being soft...
The cloud era has reached the stage where it is no longer a question of whether a company should mig...
The need for greater agility and scalability necessitated the digital transformation in the form of ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an over...
ChatOps is an emerging topic that has led to the wide availability of integrations between group cha...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting ch...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and ...
While some developers care passionately about how data centers and clouds are architected, for most,...
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they respon...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily ...
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - w...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is...
We are given a desktop platform with Java 8 or Java 9 installed and seek to find a way to deploy hig...
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis too...
"Cloud4U builds software services that help people build DevOps platforms for cloud-based software a...
The question before companies today is not whether to become intelligent, it’s a question of how and...