Security Next – Predictions on New Ways It Might Become Interesting
So What Will Some of the Trends Be?
1. Securing remote workers based on a zero-trust model
2. Reassessing how we approach third-party security
3. Building security into new devices and tools
We are currently in the midst of uncharted times. Perhaps the most medically significant since 1919. The IT industry should be one of the most aware of this. During WWII Bletchley Park in Bedfordshire in June, 1944, the Colossus, (the first large-scale electronic computer used to break the German code system of teleprinter encryption) known as 'Tunny’ started running for the first time and led to the creation of the modern computer industry as we know it. Extreme times often lead to new solutions emerging.
Right now IT teams and security teams are flat out trying to keep their businesses going. So perhaps it’s not the time to talk about the future. Nevertheless, here it goes. A stab at what the impact of the current emergency will have on security going forward.
How Will Our Businesses Change in the Way That They Work?
One area which there will be change is in the way we work. The work from home (WFH) culture will become more acceptable and more common. For those of us in the technology industry it is almost the norm. For others it is not. At first many will love to get back to work to see their colleagues and escape the distractions of home. Humans are social animals after all. The demand for collaborative working will have been established and easier to do than it was before. And yet, inevitably there will be a drift to a greater WFH culture. Why spend hours commuting by car of train if you can just login? Will “Dress Down Friday” become “Stay at Home Friday?” And will we start to hear of “Maybe Not Come In” on Mondays?
Certainly, based on experiences of the 2008 market crash, business travel will be substituted for collaborative technologies to provide flexibility and cut costs. Many CFOs will welcome this.
Many CISOs and CIOS are taking tactical cybersecurity decisions to ensure continuity. The risk is that these may disrupt future strategic discussions. There is no reason that should occur if they follow zero-trust principles. Securing remote access is a fundamental part of the approach. Follow the principles now for both immediate and future benefit.
A top priority for security teams will be to ensure end-to-end protection for the expanding WFH workforce.
Will Globalisation Trends Be Impacted?
There are a lot of comments that the age of globalisation will come to an end . The risk of disruption and availability of supply will be higher up the risk register. The business models based on JIT delivery enable reduced storage costs and efficient transport systems allowing easy access to suppliers everywhere. This may well change as the need to have multiple suppliers close to hand and easy to access for critical components will outweigh the unit cost advantage of remote sources. This may change the way we look at third-party security relationships.
I recall one well-known brand company outsourcing its manufacturing to a supplier in a different country. One great risk was the protection of intellectual property. Hard to do when that country had a very different view of the legal protections afforded. In the future third-party assessments will at least come under the same legal jurisdiction, thus reducing the risk as legal redress would act as a deterrent. Not an excuse to drop one’s guard, but still a different way to think of the third-party.
How Secure Healthcare Third-Parties
We will still need to build in the required controls and focus on how we can automate the audit and checking of those controls within the third-party.
Healthcare will be the prime focus at the present. The trend to greater use of technology will only accelerate to enable trained staff to provide better care to greater numbers. More devices, more endpoints and easy secure access will be required.
But as we all know hospitals are a target for constant attacks. In the US, healthcare data breaches were reported at a rate of 1.4 per day.1. There have been moves to improve security in the UK with the NHS Digital service creating a clear security support model
However, going forward the opportunity to drive security into the new technology solutions exists and it is hoped that healthcare providers seize this chance to push higher security standards especially in the endpoint devices. Building it in at the beginning is always more cost effective.
Building Technology With Security In Mind
Most technology companies and startups work off a proof of concept, then try to get some funding or acquire users and can get well down the line of a viable product before taking security into consideration. In the future we will see technology being built from the ground up with security in mind.
References
1https://www.hipaajournal.com/healthcare-data-breach-statistics/
2https://digital.nhs.uk/services/data-security-centre/data-security-centre-cyber-security-support-model
Try Duo For Free
With our free 30-day trial you can see for yourself how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.
