2018 was a monumental year for cloud technologies and data security. As businesses moved application workflows to the cloud, they were forced to manage new data security challenges to balance a new modern hybrid data storage model that combines both cloud and on-premise infrastructures. With this new approach to data storage, new security threats emerge, and enterprises require modern, more advanced approaches to securing critical data assets in the cloud.
In 2019, as businesses produce more data in the cloud, create additional applications in the cloud and governments across the globe implement strict data privacy regulations, the data security landscape is only going to grow more complex. Protecting access to the shear volumes of sensitive data created and stored in the cloud is critical.
Now that the new year is upon us, it’s important to reflect on 2018 and chart a path ahead for the data security industry. The technologies and techniques businesses apply in 2019 will have major consequences on how they protect sensitive customer information in the cloud to ensure regulatory compliance.
Let’s check out what we can expect in 2019 and beyond.
Data Services Continue to Move Toward the Cloud
Businesses are launching more artificial intelligence (AI) and machine learning data projects, as the mass migration of data, applications, workflows and other business elements to the cloud continues. Cloud service providers like AWS and Microsoft Azure offer simpler, more affordable and flexible data storage systems compared to traditional storage solutions like on-premise relational databases. New data services (call it big data, data lake, and so on) emerge on a regular basis, offering new features or capabilities. It’s a priority to enhance the built-in security capabilities of the cloud platform and cloud data service providers.
DevOps Transitions to DevSecOps
Software development in the cloud is best accomplished using modern DevOps techniques to achieve faster time-to-market and continuously deliver new features at a rapid pace. However, by incorporating security into DevOps and transitioning to DevSecOps, businesses can enhance the development process by automating security processes, determining internal best practices and securely bringing new applications to market faster. With cloud infrastructures, organizations are shifting away from legacy identity and security components because they aren’t always flexible enough to adapt to a continuous development cycle, such as the evolving DevSecOps model.
Enhancing Microservices and API Security
Microservices, service meshes and APIs are often the channel enterprises utilize to access sensitive or regulated data in the cloud. When fine-grained access is required, organizations will adopt a more comprehensive approach to access control by combining OAuth and Attribute Based Access Control models. Whether deployed independently or alongside microservices in a sidecar, authorization as a microservice is a real business advantage. The benefits include proper management and governance of access scopes, cleaner APIs that are not polluted with security logic and more agile development cycles when offloading security to an infrastructure service.
The Rise of General Data Protection Regulation (GDPR) and Other Data Privacy Regulations
When GDPR went into effect in May 2018, there was continuous media coverage. Now, more than six months later, there is still confusion over how organizations are enforcing GDPR. Adding to the perplexity are new regulations arising in North America. The newly signed United States, Mexico, Canada Agreement (USMCA) agreement (NAFTA 2.0, if you will), when ratified, will restrict data localization, allowing data to travel across borders, resulting in new data privacy concerns. Canada is also introducing new data protection laws with GDPR in mind and California passed the Consumer Privacy Act of 2018 (AB375). When businesses store sensitive information in cloud platforms, the risk of unauthorized access by a third party increases. Organizations are now looking implement new security controls that protect information through a context-sensitive and risk-based access control model across the enterprise.
Digital Transformation to Improve Digital Business
Digital transformation continues to drive businesses to prioritize the creation of modern digital experiences to better serve customers. One major digital transformation initiative is moving infrastructure to the cloud. Technologies like Attribute Based Access Control helps enterprises shift to fine-grained, policy-based access control that enables authorized access only under the right conditions. As part of digital transformation, this approach enables companies to deliver a more personal, convenient and trusted mobile experiences to customers, employees and partners, while securing access to applications and data in the cloud.
Bridging the IT Skills Gap
IT tools are highly technical and require specific expertise and skills to use, often resulting in an IT skills gap across the entire organization. Identity and access management (IAM) tools are a prime example. Using different IAM tools for diverse functions require various sets of skills for each tool. Users need training to ensure they have the skills to use these new technologies to their full potential, to secure data in the cloud and beyond. It’s critical for IT leadership to invest in the training required to grow the IT function in these highly specialized areas.
Controlling Access to IoT Data
Internet-of-Things (IoT) devices are responsible for driving the largest quantity of data into cloud data platforms for organizations to leverage for analytical insights. Generating significant amounts of sensitive data requires protection, and businesses must have an overarching plan to protect these mountains of data and to authorize who can and cannot access that data. To help secure the data in the cloud that IoT devices create, businesses should look to policy-based finer-grained access to data lakes and big data.
Modern technologies have enabled new ways of doing business, but they’re also bringing new threats to enterprises across industries. As more data is generated and migrated to the cloud, the challenge to share and leverage that data securely must be faced head-on.
To enhance digital business in 2019, an attribute based access control (ABAC) model must be an organization’s first line of defense to control access to data generated through IoT devices, extend standard security capabilities of the cloud platforms and battle complex regulatory requirements.
About the Author
Gerry Gebel is the vice president of business development at Axiomatics. In this role, Gerry supports the sales, marketing and product teams by managing strategic partnerships and alliances. Before joining Axiomatics, Gerry was vice president and service director for Burton Group’s identity management practice. He covered topics such as authorization, federation, identity and access governance, user provisioning and other IAM topics. Gerry also has more than 15 years of experience in the financial services industry, focusing on security architecture, middleware support and mainframe systems.
Gerry Gebel Twitter: @GGebel
Axiomatics Twitter: @Axiomatics
LinkedIn: Gerry Gebel