With the new year now in full swing, it is time to take a look at what is in store for us in security in 2019.
Cloud has been talked about for eons, but this does not mean that the topic is obsolete. On the contrary, the transition to hybrid cloud environments, ie. ICT environments combining on-premises, public and private clouds, is more topical than ever. This transition will accelerate and will be faster than predicted in the market. Pure cloud benefits (e.g. serverless computing) can be now more clearly seen. With more cloud native players emerging, this will drive even more how things are done in organizations' ICT.
This will make security more proactive in nature, but also demands more from the people, processes and technology involved. Machine learning and AI in security are subtrends in this.
The GDPR will continue to affect how organizations process personal data, but now from a very practical point of view. The first interpretations in connection with actual cases will begin to emerge and shape the personal data and privacy landscape. A potential subtrend to this from a security point of view may be GDPR blackmail - data is stolen, and a new way of levelling the pricing is through GDPR sanctions, as they are not well enough defined. The stipulated 72-hour notification time will drive the need to make fast decisions and act quickly in such cases.
Online identities are a key factor in the digital society and economy. As we saw already in 2018, breach vectoring through identity theft makes identity governance the most searched for functionality. Identity Governance becomes more and more important.
See above; machine learning and AI provide new potential for cybersecurity. But, as it is predicted that ML and AI will make their entries to security, this means that they are already utilized in malware. First examples of AI capable malware have been seen already such as Deeplocker.
What the above boils down to is this: Cybersecurity is so complex an entity that a multi-dimensional and holistic approach is required. Traditional approaches to security involving only one aspect of the organization or technologies no longer work. Needed is an understanding of the operations and industry; broad technology coverage; and implementation experience. This requires a broad range of security expertise.
Do you have questions regarding your security for 2019? Please feel free to reach out to me, or anyone of our team.