Sol Cates | Principal Technologist, Data Protection
This may sound obvious, but our industry is very reactive. It often feels like we, as security professionals, must wait in the wings until something disastrous happens. Then, and only then, are we allowed to develop and respond to technologic trends.
So why does security consistently feel like it’s behind the curve? There are multiple reasons. We are all familiar with the dichotomy of security vs. convenience, which often positions security as the polar opposite of innovation. Many start-ups encourage a culture that values business swiftness over long term stability, and security is typically seen as too cumbersome. However, it’s possible for us to be excited about market trends and information security, we just need to begin taking the correct steps.
The security industry must start anticipating future vulnerabilities, gaps and threats, not just reacting to them. Thales will not only help your organization fill in your current gaps, we will also help you solve the security problems of the next generation. This blog will dive into the short term issues and innovations we will offer the industry and customers in the next three to six months. In our next post, we will take a look at the rest of 2017 and beyond.
So what technology trends should we anticipate and how can we remain secure? Let’s dive in…
Trend #1: Cloud adoption, and its vulnerabilities, will continue to rise
According to our last Ponemon study on global encryption trends, for the first time ever enterprises are more likely to send their sensitive data to the cloud instead of deferring due to security risk concerns. In addition, 61% of the respondents said keys for external services, such as cloud or hosted services, were the most painful to manage. We can expect these trends in cloud adoption to continue in 2017, so it’s imperative for enterprises to feel confident about the security of their data. Ultimately, users need robust cloud encryption, especially innovations that provide end-user control away from cloud providers.
Thales is a leader in the bring your own key (BYOK) movement, which allows enterprises to manage their own encryption software and keys. We have worked with Microsoft and Amazon to develop key management services and vaults for Microsoft Azure and Amazon Web Service. The resulting solutions have let enterprises take advantage of the cloud while keeping the “keys to the kingdom” in-house.
We will continue to innovate BYOK solutions in 2017. For example, Thales recently announced Salesforce Shield Platform Encryption, enabling enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromising business functionality. Our latest innovation offers cloud-hosted Vormetric Key Management as a Service (KMaaS), which provides reduced infrastructure and management costs to SaaS applications.
In addition, we are dedicated to developing solutions for vendors who find it difficult to talk with their hardware security modules (HSMs). This disconnection can lead to heightened operational costs, performance challenges, security vulnerabilities and more. With our solutions, users will be able to talk directly with their cloud providers, not cumbersome HSMs. Stay tuned for more information!
Trend #2: Containers, especially Docker, will become more prevalent
Organizations are aggressively adopting containers, with Docker as the clear leader in this technology. Container adoption is great for enterprise DevOps, as it provides reduced system configuration, faster application delivery, potentially lower management costs and much more. Unfortunately, the explosive adoption of containers brings some major security issues.
First things first, there are application security concerns. Faster deployments can amplify traditional application security errors at a much larger scale and speed. Second, Docker administrators have access to all Docker images and linked data sets, which means root privilege escalation attacks can expose all the sensitive data stored in Docker environments. And finally, Docker is often implemented in the cloud or shared virtualization infrastructure, bringing another level of potential exposure. In fact, many users don’t own or control the underlying hardware and software environment. This can lead to access by third parties and other traditional cloud security problems.
Ultimately, the biggest challenge is that container security seems behind the curve, we have less insight into what goes on underneath the hood. Thales has supported containers, such as Docker, for years, and we will soon be offering new capabilities for the Vormetric Data Security Platform. The Vormetric Transparent Encryption Docker Extension provides OS-level policy-based encryption, data access controls and data access logging capabilities to internal Docker container users, processes and resource sets.
Our latest extension offers deployment protestation without the need to alter containers or applications. Now your Docker containers can be both secure and agile.
Trend #3: IoT security at the manufacturer level
There are three major players in the Internet of Things (IoT) community: consumers, operators and manufactures. Consumers use IoT devices out of convenience and security is typically not on their mind. Meanwhile, operators adopt IoT devices for data collection, but have problems making sure their data is correct, customized and secure. We will address these issues further in our next blog post.
This brings us to manufacturers, the source of the devices we are physically hold and adopt. Unfortunately, many manufactures do not build security into the devices they create, which leads to glaring security holes. Unfortunately, there are no unifying security standards for manufacturers, which leads to immense chaos.
Trend #4: Encryption with little disruption
Encryption is a valuable security tool, however, it’s deployment and upkeep can be a nuisance. If you are working with very large sets of data, you typically have to sit through lengthy maintenance windows. Many organizations feel like they must accept long periods of planned downtime to support the rekeying of data. This forces IT teams to make a tough trade-off: do they choose security or availability.
Through Vormetric Live Data Transformation, we help security teams implement encryption with minimal disruption, effort, and cost This award winning product enables security organizations to utilize encryption without changing application, networking, or storage architectures. In addition, Vormetric Live Data Transformation offers patented capabilities that deliver breakthroughs in resiliency and efficiency. With Thales, you no longer have to put security over availability.
These trends and products are just a taste of the innovations Thales will bring to your organizations table in the first half of 2017. My next post will discuss what to expect for the rest of 2017 and beyond. Remember, security is not the enemy of convenience, availability and innovation. We just need to remember that our industry can do more than react to change, we can be the forces behind it.