Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Jim Varner, CEO of SecurityFirst Corp.
The Year Data-Centric Security is Taken Seriously
In 2018, a combination of market forces and legal factors
will make reliance upon traditional perimeter defenses and anomaly detection
capabilities a losing cybersecurity strategy.
With
the average breach now costing $3.6M according to a Ponemon
Institute study,
big companies may or may not be able to weather these storms, but many smaller
businesses will simply never recover from catastrophic data losses. The perils
of tarnishing a brand's reputation, the erosion of trust from customers and
considerable losses in revenue will begin to overcome the apathy some C-level
executives have had about adopting data protection.
Here are five predictions regarding the future of protecting
private or sensitive data:
1.
Organizations will spend more
on an advanced, data-centric approach
to security
While network defenses will still receive the lion's share
of the security budget, more consideration will be given to a defense-in-depth
strategy where data is also protected. Market penetration of advanced
data-centric security implementations such as Data Loss Prevention (DLP) and
Data-centric Audit and Protection (DCAP) solutions will rapidly increase.
2.
Increasing regulations will make
data privacy a key initiative
More regulations with broader-reaching implications,
stricter mandates and the threat of heavy fines (GDPR, PCI, HIPAA/HITECH, NYDFS
23, NYCRR 500, etc.) mean companies are increasingly willing to go beyond being
simply compliant with the minimum technical requirements in order to avoid
repercussions of preventable breaches. For many C-suite executives, this
evolving regulatory environment will be the reason why they embrace
data-centric cybersecurity investments in 2018 (and beyond).
3. Increased
interest in the private control of encryption keys
With 49%
of mid-size companies considering hybrid data storage environments
including cloud storage, we will see an clear need for data protection
solutions that offer organizations private control over the location and
management of encryption keys. When third-party vendors are involved - as they
are in most hybrid solutions - the ability to protect the data itself in the
event of an exploit becomes critical to avoiding humiliating and costly
breaches.
4. More
of the known and stolen zero-day exploits will be released by cybercriminals
This is already raising the awareness that even large and midsize
organizations can be breached as bots, worms and other sources of malware
automatically discover networks and assets. Breaches of tier-one organizations were
revealed rather publicly and globally in 2017, thereby demonstrating that it's
not always planned attacks against high-profile companies that result in such
breaches.
5.
An increased role for managed
service providers
For managed services providers, data protection capabilities
will become an integral component of a security services technology stack. Businesses
of all sizes are currently battling tougher and more insidious cybercrime, all
with less resources and tighter budgets. The cybersecurity skills shortage also
means there are fewer trained professionals to implement the solutions
available. MSPs and MSSPs serve an integral role in bridging the gap between
businesses' data protection needs and the rapidly expanding Data Protection as
a Service (DPaaS) market, which is expected to reach $46 billion
by 2024.
My Ultimate Expectation for
2018 (and beyond)
Market
penetration of advanced data-centric security implementations such as Data Loss
Prevention (DLP) and Data-centric Audit and Protection (DCAP) solutions will
rapidly increase in 2018 and for several years beyond. Despite the challenges,
misperceptions and potential budget constraints, industry analysts report a
large wave of late adopters now investigating EU General Data Protection
Requirement (GDPR) compliant solutions. These organizations know they must act, and act rather quickly, so
they are shortening their list of options by first pursuing integrated
solutions that can help them overcome deployment hurdles.
##
About the Author
Jim
Varner serves as Chief Executive Officer of Security First Corp, a global provider
of innovative and affordable data-centric cybersecurity solutions. Prior to
this role he served as General Manager of DataCenter Technologies of IBM System
Networking, one of his various positions at IBM where he accumulated over 30
years of technology, systems and business development experience. Mr. Varner
holds a Bachelor of Engineering in Electrical Engineering from Youngstown State
University.