Pravin Kothari, CEO of CipherCloud, reveals his top security predictions for this year.
1. A rise in senior security appointments (and budgets)
Given the very high-profile data breaches and security attacks on businesses this year, we will almost certainly see many more senior appointments with ‘security’ or ‘risk’ in the title. This will go hand in hand with an increase in security budgets, particularly in very large enterprises. For example, JP Morgan has already doubled its security spend to $500 million.
2. Breaches will see companies disappear
Trust is fundamental to business. But security breaches break the bond between a company and its customers. Once this trust is broken, as in several major security breaches starting with Target, it will be very hard to rebuild.
The Ashley Madison breach earlier this year put its IPO on hold, and more recently TalkTalk’s breach in the UK resulted in a 15 per cent stock decline, although it will be interesting to see how things will play out on the litigation front. With breach notification laws and the EU Data Privacy Regulation, we will see more companies being publicly named, shamed and financially penalised to death.
3. The year of the CASB
Regulatory focus on security, privacy and sovereignty will see cloud access security brokers (CASBs) come into their own. Companies will need to protect information across the entire IT stack, and CASBs deliver the core technologies that secure data in the growing cloud applications stack.
4. The age of encryption
Attacks on Ashley Madison, Sony and TalkTalk revealed that these companies simply fail to implement basic security procedures. Encrypting sensitive data would have protected millions of customers’ information from a very public leak in Ashley Madison’s case, and would have prevented embarrassing emails from ending at least one Sony executive’s career.
TalkTalk’s CEO was quick to point out that the company was under no explicit obligation to encrypt customer data, and then its share price dropped immediately after its latest breach. Encryption will become a byword for security best practice.
5. Safe Harbor Deep Freeze
The ECJ’s Safe Harbor revocation has left a bigger void than any legal band-aid can patch. After much haggling in 2016, DC, Brussels and the 28 independent EU data protection authorities (DPAs) will finally roll out a new privacy framework.
The contentious history behind the first pact will certainly create delays in the negotiations, leaving companies to rely on proactive security tools to assure high levels of privacy for cross-Atlantic data transfers. Organisations will take steps to limit exposure, including anonymisation of personal data, using encryption or tokenisation for data leaving Europe.
Pravin Kothari is CEO of CipherCloud
Throughout January, PCR is running a dedicated Sector Spotlight on The Cloud.