Virtualization Technology News and Information
Article
RSS
Cavirin 2018 Predictions: 2018 - The Year We Finally Take Action

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual VMblog.com series exclusive.

Contributed by Dave Ginsburg, VP Marketing, Cavirin

2018 - The Year We Finally Take Action

This last year, privacy, and the negative impact to the consumer when compromised, once again took center stage.  We morbidly joke about the breach of the month, then of the week, and now it seems as if every day, a new attack rises to the surface.  Across 2017 alone, over 1 Billion (with a ‘B') medical records were compromised in the United States, and at the beginning of October, Yahoo announced that all 3 Billion of its accounts were hacked.

The Equifax breach, of which plenty has been written, brought the problem to a head in terms of data vulnerability, the human element, appropriate (and un-appropriate) breach response, and a common awareness as to just how much confidential information on-line services gather.   Previously, I've not been a fan of government intervention, hoping that the market will regulate itself, but Equifax may serve as the catalyst for additional protections and limits to what organizations may gather, how long they may retain the data, and what technology and process protections must be in place.  What is happening in the EU with GDPR and social network responsibility could and possibly should serve as a template for the US.  Parallel to data breaches, threats to the evolving IoT/IoE are no longer a future.  They are here today.

Protection for industrial controls, home automation, self-driving cars, and even medical devices no longer can be an afterthought, or only of concern once a breach has been announced.  IoT manufacturers must secure and certify the supply chain, both hardware and software, including 3rd party vendors.  The devices themselves must support secure updating if part of a critical environment, with the how, what, and why of any connectivity thought out well in advance.  Alternatively, some high-risk devices must still be air-gapped from the Internet.  The doomsday scenario, beyond obvious threats to utilities, transportation, and telecommunications, an attack against the ‘Smart City', is an autonomous vehicle that goes rogue or a hacked IV.  Operating theatres shouldn't have to ‘go dark' for fear of compromise.  On the positive side, vendors across the different verticals are translating awareness into action, realizing their potential vulnerabilities.  Looking beyond the attack surface and today's vulnerabilities, one approach is promising.

Machine learning, AI, and big data analytics figure in almost every vendor pitch or conference demo.   They do for us!  But big data in the absence of security doesn't get you anywhere.  In fact, it increases the threat, a good example being the Deep Root breach.  Now, think of security as a positive enabler to permit us to derive the true benefits of advanced analytics.  A carrot instead of the stick.  As an example, local health records are now digitized, and HIPAA technical controls provide some protection.  Still, medical providers are still shy to share information due to the potential for breach.  Given proper protections, records may be shared, and AI used for quicker less error-prone diagnosis.  We'll hopefully see more of this secure data sharing in the coming year.

This brings up my final point, more intelligent spending.  We've invested hundreds of billions in security, and some organizations even complain about the number of point products and consoles they must monitor, with some even providing conflicting data.  Though security is a journey and not a destination, that doesn't mean that we can't speed our progress.   We'll see organizations taking an increasingly structured vs a patchwork approach, assessing the potential vulnerabilities within their infrastructures and taking immediate action.  With automation, these best practices will also extend further into the SMB/SME space where they are sorely needed.

##

About the Author 

david ginsburg 

Dave Ginsburg brings to Cavirin over 25 years of experience spanning corporate and product marketing, product management, digital marketing, and marketing automation. Previous roles included CMO at Teridion, Pluribus, Extreme, and Riverstone Networks as well as senior marketing leadership positions at Nortel and Cisco. His expertise spans networking, cloud deployments, and SaaS.

Published Wednesday, October 04, 2017 7:29 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<October 2017>
SuMoTuWeThFrSa
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234