It wouldn’t be January without the obligatory prediction articles, taking a look at what might and might not happen in the world of each technical vertical – and cyber is no different.
Cyber At The Edge
Even before Covid-19 reared its ugly head, security enforcement, management and access control were heading to the “edge”. Not the edge of a cliff, but away from centralised pillars of management. The data plane and the control plane have decoupled, and the enforcement aspect was being pulled any which way but loose. Distributed microservices, operating at hyper scale, with millions of transactions a second needing authenticating and authorizing. IoT devices in their millions, capturing, processing and relaying data into federated cloud services, needed client-side protection before pre-processing. Now, millions of home workers are attempting to access on-premise, or on-premise managed cloud services, via home networks on BYOD. The “edge” of the network has become identity-centric, as per the zero trust mantra.
This edge-focus will continue massively in 2021. SASE, distributed policy enforcement (such as the Open Policy Agent) and identity-centric zero trust access will all be table stakes. Not just providing protection, but more importantly allowing businesses to open up their data and services to (un)trusted third parties to innovate, improve and survive any global economic crisis.
Privacy Vendors Decouple and Innovate
Privacy has been synonymous with the main PII compliance initiatives of the last couple of years – namely the GDPR for Europe and the CCPA for the state of California. The cross-hairs have without doubt been placed upon the protection of personal data. Many sought sanctuary at the network and database layer for basic encryption. SQL extensions covering redaction, masking and policy-driven controls gave an air of protection from the eagle-eyed auditor. However, the last 6 months have seen the emergence of a more dedicated, privacy-first and specialist type of vendor, providing decoupled primitives. Think of the likes of privacy vaulting technologies (see new vendor Skyflow), data-centric security (see new vendor Nullafi) or encryption-made-simple providers like Tanker.io. (Editor – all three vendors will appear in a Vendor Intelligence briefing this month as part of the Membership only content).
It seems that privacy services now need to be a) end to end, b) applicable to all data types and c) applicable to data stored in any device or location. Being policy driven and integratable via an API/SDK model are also a given. For developers building new complex data pipelines, these services may allow for hugely increased security at a relatively small cost in effort.
End2End Encryption Excites
A slight extension of the privacy-first aspect is that of end to end encryption. Once the luxury of military communications, end to end encryption (covering client-side encryption and application-level encryption) is now appearing as standard for net-new applications. Why? Technology providers are emerging that can provide dedicated sets of encryption-as-a-service or encryption-as-an-API levels of functionality, allowing developers (who aren’t and shouldn’t be cryptography experts) to have access to base functionality such as AES encryption, hashing and Elliptic Curve key generation in a super simple way.
In addition to increased functional availability, data (and that includes PII, files and messaging) are being distributed more than ever before. It’s very likely data will be split between IoT, mobile devices, client side applications and backend cloud services during a single application transaction. It is likely multiple cloud services will be required to fulfil a single data pipeline (so think GCP, Azure and Amazon AWS in the same management cycle). In addition, business complexity is requiring a host of supply chain and joint venture style operations even for the most simple of service delivery. As a result, why not encrypt at the data source and handle authorization and decryption events away from the storage layer?
As with all predictions, take these with a large pinch of salt. No encryption pun intended.
By Simon Moffatt