Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Jackson Shaw, VP of Product Management at One Identity
A DevOps Doomsday Breach is Upon Us
I've been keeping a close eye on
cybersecurity trends taking shape as we head into 2019 based on our close work
with customers. From a DevOps doomsday breach to a global spread of GDPR-like
regulation implementation except for in the U.S. -- here are my top predictions for how the cybersecurity landscape will shake out in the year
ahead.
A DevOps doomsday breach is upon us.
As the DevOps methodology continues to grow in popularity, we will
see a rise in environments where security risks are raised, undetected and
unmitigated. 2019 will be the year where unprotected systems will be
provisioned in Kubernetes' pods or where some Ansible keys will be lost to
external threats, thus generating an internal threat within the core IT system.
From this point on, attackers will bounce off to mission-critical business data
and will generate one of the biggest leaks to date.
AI goes from science experience to reality -- so long as data
privacy doesn't get in the way.
In 2019, AI has the opportunity to go from being an underutilized
tool to becoming interwoven into both our everyday and enterprise lives. From
an explosion of facial recognition software on our mobile phones, to security
analytics integrations, we've already begin to see that happen this year. As
the hype cycle slows down and concrete use cases emerge, the opportunity for AI
to solve complex challenges that impact all aspects of our lives is only
growing. But there's one possible setback: data privacy. AI technology requires
access to a lot of private data. In the wake of GDPR and the emergence of
similar policies and regulations across the globe, we could see AI's growth stifled
as a result.
GDPR-like regulation will catch like wildfire across the globe --
but the U.S. will continue to hold out...for now.
In 2019, GDPR will pass its
first anniversary, which in the mind of the EU will have been plenty of time
for organizations to protect citizen data. A breach will occur to a global
brand and the EU will make an example of that company. Following by example,
governmental legislators from around the globe will take notice of the new
privacy "gold standard" that is GDPR and enact laws similar in nature. In fact,
we're already starting to see this happen in countries like China, Singapore
and Australia. Despite the recent rally cry for federal data privacy from
Apple's Tim Cook, the one exception will be the pro-business, anti-regulation
United States -- at least, for now. What businesses need to start to think
about in the meantime are three main pillars of GDPR: defining what is personal
data, identifying what must be done to protect that data, and outlining what
should organizations do in the event of a breach of that data.
We'll take one giant leap closer to a no password future with top
tech companies leading the charge.
In 2018, we saw a new
technology catch fire that will help accelerate the demise of the password.
That technology is called FIDO (Fast IDentity Online) designed to reduce
reliance on passwords and protect against phishing, man-in-the-middle and
replay attacks using stolen passwords. It's second iteration, FIDO2 has
recently been approved before we could blink and a number of companies have
jumped on the bandwagon to support via their browsers. A number of companies
like Twitter, Dropbox, Google, Amazon already support it.In 2019, I expect
there to be more tokens, possibly some laptops and eventually more websites
will build FIDO2 capabilities into their authentication workflows. While the
password may still be around in 2019, it will be taking a "turn for the worse"
thanks to the bite FIDO will take.
##
About the Author
Jackson Shaw is vice president of Product Management for One Identity’s Identity and Access Management product line. Prior to One Identity, Shaw was an integral member of Microsoft’s Identity and Access Management product management team within the Windows Server Marketing group at Microsoft. While at Microsoft he was responsible for product planning and marketing around Microsoft’s identity and access management products including Active Directory and Microsoft Identity Manager. Shaw began his identity management career as an early employee at Toronto-based Zoomit Corp., the pioneer in the development of meta-directory products who Microsoft acquired in 1999. Shaw has been involved in directory, meta-directory and security initiatives and products since 1988.