Sales and marketing leaders often promise their clients uncompromising service through transparency and collaboration. To deliver on these promises, they are incorporating customized apps, cloud services and mobility solutions. This may be great for the customer experience, but it is making it increasingly difficult for the organization to protect the client’s privacy and data security.
Three emerging cybersecurity trends will begin to take hold in 2020 helping organizations regain control of data — theirs and their customers’:
Zero Trust – first proposed by Forrester Research, Zero Trust is a simple concept that promotes minimal access to critical data. The traditional “castle doctrine” for data security suggested that the goal of security was to protect data stored inside the castle (on a server on the internal network) from everyone outside the castle walls (everyone on the Internet). But with more and more data stored in the cloud, on handheld devices and sensors, and at branch offices, it has become increasingly difficult to build an all encompassing wall. Additionally, if a breach is successful, restricting movement inside the castle is often left unaddressed. Assumptions, such as if I can successfully log onto a computer I will have access to everything on the computer and on the network, will be eliminated. In 2020, we will see more organizations adopting Zero Trust technologies as the tools that support this model mature and become easier to implement.
No more passwords – traditional authentication and authorization mechanisms like Active Directory (AD) rely on usernames and passwords to uniquely identify users. This model has created one of the greatest weaknesses to data security – the password itself. Companies of all sizes are struggling to develop and enforce policies and controls that prevent weak passwords, shared credentials and the need for constant password resets. A recent study determined that employees require help with password resets 6 to 10 times per year, and the cost of a help desk support call averages around $50. Depending on the number of employees in your organization, that can equate to tens of thousands of dollars a year. New technology including biometrics, and electronic keys, are driving the move away from passwords. Those technologies coupled with a second factor authenticator like a pin or pin generator help ensure the identity of a user. The elimination of passwords will likely begin in large corporations and eventually spead to organizations of all sizes.
More regulations and auditors – regardless of industry, everyone is concerned by the increased breaches in the news. Whether we like it or not, everyone is being asked to be a security expert, from screening our emails, phone calls and text message for scammers, to following protocols to help limit human error. Security regulations have been developed by industry specialists to help guide organization down the path of improved security. Unfortunately, high costs and lacking expertise has meant that many organization have “kicked the can” or avoided implementation altogether. For example, the Department of Defense (DoD) has recognized that simply publishing security frameworks hasn’t improve the security of the Defense Industrial Base. The latest Cybersecurity Maturity Model Certification (CMMC) will require security audits of a DoD contractor’s computer systems to ensure adherence with the required security standards. This is a model we’ve seen for a long time in the Financial Services and Healthcare industries and we expect to see more and more across all industries.
More about Site2: Site2 is a Managed Service Provider (MSP) specializing in red and blue team security services and incident response & recovery. For over 15 years, Site2 has helped organizations comply with federal and industry regulations including HIPAA, GLBa, and DFARS by implementing and supporting cybersecurity frameworks such as NIST 800-171 and the CSC 20. Our highly trained security analysts and systems engineers are an extension of your team.