7 January 2014

Because of Snowden Revelations, Is 2014 the Year of Strong Encryption?

January 6, 2014

2014: ‘The Year of Encryption?’

Infosecurity Magazine

Will 2014 see a big uptick in the use of biometric technologies, strong encryption, a rash of new key technologies and more? Some say that the era of having unencrypted data traffic flowing freely inside enterprises will likely soon come to a crashing halt, helped along by the US government, the Apple iPhone and other drivers.

Security experts at Unisys said that they are gearing up for the broad-based adoption of encryption, against the backdrop of disclosures that the US government may have accessed data from the internal networks of major ISPs.

“Regardless of what you might think of Edward Snowden, the government contractor who leaked secrets about US government surveillance, there is no denying that his disclosures have heightened awareness of cybersecurity all over the world,” said Dave Frymier, Unisys chief information security officer, in a statement. “Before that, many enterprises were running unencrypted data on their internal networks, which they believed were secure. Now they are beginning to use encryption internally as well, so we expect 2014 to be the year of encryption.”

As a result of the Snowden disclosures, officials at the highest levels of organizations around the world will very likely increase their focus on data loss prevention, encryption and prioritizing investments in security.

Unisys experts also predicted that consumers will embrace the accuracy and ease of use of fingerprint readers on the new Apple iPhone, leading to a broader acceptance of biometrics in general. This could jump-start rapid growth in the use of biometrics – including fingerprint, iris scanning and facial recognition – on consumer devices as a way to protect the devices and data, as well as a method to confirm the identities of users for activities such as online retail transactions.

The acceptance of biometrics will begin the evolution away from the traditional user ID/password combination used most frequently to verify online identities. Among financial institutions especially, advances such as embedded biometrics in mobile devices will give rise to greater acceptance of consumer banking transactions and e-commerce on mobile devices, the firm said. Likewise, 2014 will see banks further exploring the use of self-service outlets and kiosks that require a combination of physical and digital security methods, including biometrics.

Unisys also said that security awareness and protection techniques related to enterprise bring your own device (BYOD) programs will be on the rise. For example, Steve Vinsik, Unisys’ vice president for global security solutions, predicted a rise in “bring your own security” scenarios, in which employees using their own mobile devices for work also employ their own security measures – often without the consent or awareness of enterprise security managers.

“That opens up a whole host of issues around how enterprises deal with people having their own security on their devices, and how that interacts with the enterprise’s ability to monitor and manage that device,” Vinsik said.

Also relating to BYOD, the ability to automatically pinpoint a user’s specific device as well as its geographical location will give security managers insight into the “context” of that user’s attempt to access the network. Contextual authentication solutions can alert managers when, for example, someone outside of a pre-determined geographical area attempts to access their networks.

In the same way, attribute-based access controls identify access requests that fall outside a user’s normal pattern, such as attempts to obtain information they don’t normally access or at unusual hours. By combining these insights with other identity management methods like biometrics, security professionals can make it much more difficult for those without permission to gain access to networks and applications.

Frymier said software sandbox models, in which enterprises deploy mobile apps in an environment that is totally isolated from other applications, will continue to gain acceptance too. By employing this model, organizations can stop, start, install and uninstall corporate mobile apps without affecting other parts of the mobile device.

He added that all of this increased use of encryption will both enable and encourage more companies to adopt other technologies as well, leading to ancillary growth in IT, such as the use of infrastructure-as-a-service (IaaS) cloud solutions, where previously they might have had concerns about the safety of their data in the cloud.
