With the New Year just around the corner, we’d like to share our security predictions for 2016. These four topics will be at the forefront for security professionals in the coming year.
1. PKI becomes a ubiquitous security technology within the Internet of Things (IoT) market
It’s hard to think of a consumer device that isn’t connected to the Internet these days – from baby monitors to refrigerators to fitness devices. Of course, with the increase in connected devices comes the risk of compromising privacy and exposing consumer data. But what happens when industrial devices and critical infrastructure connect to the Internet and get hacked? The results can be catastrophic. Security and safety are real concerns for the Industrial Internet of Things (IIoT). Regarding security, the industrial world has been a bit of a laggard, but now equipment manufacturers are looking to build security in right at the design and development stages.
Unless the security challenges of IIoT can be managed, the exciting progress that has been made in this area of connected devices will slow down dramatically. PKI has been identified as a key security technology in the IIoT space by the analyst community and organizations supporting the IIoT security standards. In 2016, we expect that PKI will become a ubiquitous security technology within the IoT market. There will be increased interest in PKI, how it plays in the IoT market, and how it needs to advance and scale to meet the demands of billions of devices managed in the field.
2. Encryption and mutual authentication will be more prevalent inside the protected perimeter in defending against threats from within organizations
Data breaches have unfortunately become a normal event, one that will be taken increasingly seriously, especially in highly regulated industries such as healthcare (where data breaches are three times as likely to occur). Heavy fines, loss of reputation and revenue, and increased regulations will drive enterprises to step up security around data both in transit and at rest. Organizations need to be more proactive in securing and monitoring their sensitive data against those inside the organization who wish to intentionally misuse the information and those who inadvertently mishandle private information such as customer data, corporate IP, or privileged IT information. The best way to do this is by applying encryption and mutual authentication technologies to guarantee that both client and server identities are known and that the information exchanged is protected from unauthorized snooping.
3. Identities for things will outpace identities for users
Analyst firm Gartner forecasts that 5.5 million new things will get connected every day in 2016. This means 6.4 billion connected things will be in use worldwide next year (up 30% from this year). When you consider the average person has seven digital identities, it is only a matter of time before digital identities for things (devices, appliances, cars, etc.) surpass identities for users (email accounts, social media profiles, etc.). More and more value-added services generated from IoT-related use cases such as smart homes will be accessed through consumer and corporate mobile devices, upping the ante for stronger mobile security.
4. More national ID programs, banks, and consumer-oriented entities will become trusted identity providers (IdPs) capable of issuing high assurance level identities required to access sensitive data
Banks make great sense as identity providers because the identities are supported by financial information. Every user of online banking services has a trustworthy digital identity issued based on a rigorous user vetting process, often including face-to-face verification, creating a great opportunity for banks to extend the value of high assurance credentials to service providers. As additional banks take the steps to become IdPs, more and more consumers will enjoy the convenience of using one set of credentials for digital identification, for example when filing tax returns or signing documents. National ID programs are moving forward as well, as seen in Finland with Finnish ID. This program will offer consumers a convenient and secure method to access eGovt and commercial services. In addition, the state of Virginia established an Identity Management Standards Advisory Council to advise on the adoption of identity standards and to ease the state toward approval of such standards. One could easily imagine Telcos, utility companies and other IdPs leveraging a spectrum of verified identities to service providers.
So, what does this mean for the CSO? Moving into 2016, we offer you some advice.
1. Look at security vendors that can offer flexible and scalable solutions that meet your needs, especially around B2B and B2C use cases that require verification of external users.
2. Follow industry standards development, especially around IoT security standards and frameworks. These will provide you with the blueprints to properly implement security. One example is the Industrial Internet Consortium (IIC), a partnership of industry, government, and academia focused on establishing best practices for, and growing, the Industrial Internet.
3. Remember recent high-profile attacks and where they originated. Understand your weaknesses both internally and externally and execute the measures to ensure security.
Will data breaches continue to be top news in 2016? Will data security and privacy for the Internet of Everything (IoE) continue to be a top priority? We’d like to hear from you: what are your predictions for the coming year?