Virtualization Technology News and Information
One Identity 2019 Predictions: A DevOps Doomsday Breach is Upon Us

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Jackson Shaw, VP of Product Management at One Identity

A DevOps Doomsday Breach is Upon Us

I've been keeping a close eye on cybersecurity trends taking shape as we head into 2019 based on our close work with customers. From a DevOps doomsday breach to a global spread of GDPR-like regulation implementation except for in the U.S. -- here are my top predictions for how the cybersecurity landscape will shake out in the year ahead.

A DevOps doomsday breach is upon us.

As the DevOps methodology continues to grow in popularity, we will see a rise in environments where security risks are raised, undetected and unmitigated. 2019 will be the year where unprotected systems will be provisioned in Kubernetes' pods or where some Ansible keys will be lost to external threats, thus generating an internal threat within the core IT system. From this point on, attackers will bounce off to mission-critical business data and will generate one of the biggest leaks to date.

AI goes from science experience to reality -- so long as data privacy doesn't get in the way.

In 2019, AI has the opportunity to go from being an underutilized tool to becoming interwoven into both our everyday and enterprise lives. From an explosion of facial recognition software on our mobile phones, to security analytics integrations, we've already begin to see that happen this year. As the hype cycle slows down and concrete use cases emerge, the opportunity for AI to solve complex challenges that impact all aspects of our lives is only growing. But there's one possible setback: data privacy. AI technology requires access to a lot of private data. In the wake of GDPR and the emergence of similar policies and regulations across the globe, we could see AI's growth stifled as a result.

GDPR-like regulation will catch like wildfire across the globe -- but the U.S. will continue to hold out...for now.

In 2019, GDPR will pass its first anniversary, which in the mind of the EU will have been plenty of time for organizations to protect citizen data. A breach will occur to a global brand and the EU will make an example of that company. Following by example, governmental legislators from around the globe will take notice of the new privacy "gold standard" that is GDPR and enact laws similar in nature. In fact, we're already starting to see this happen in countries like China, Singapore and Australia. Despite the recent rally cry for federal data privacy from Apple's Tim Cook, the one exception will be the pro-business, anti-regulation United States -- at least, for now. What businesses need to start to think about in the meantime are three main pillars of GDPR: defining what is personal data, identifying what must be done to protect that data, and outlining what should organizations do in the event of a breach of that data.

We'll take one giant leap closer to a no password future with top tech companies leading the charge.

In 2018, we saw a new technology catch fire that will help accelerate the demise of the password. That technology is called FIDO (Fast IDentity Online) designed to reduce reliance on passwords and protect against phishing, man-in-the-middle and replay attacks using stolen passwords. It's second iteration, FIDO2 has recently been approved before we could blink and a number of companies have jumped on the bandwagon to support via their browsers. A number of companies like Twitter, Dropbox, Google, Amazon already support it.In 2019, I expect there to be more tokens, possibly some laptops and eventually more websites will build FIDO2 capabilities into their authentication workflows. While the password may still be around in 2019, it will be taking a "turn for the worse" thanks to the bite FIDO will take.


About the Author

Jackson Shaw is vice president of Product Management for One Identity’s Identity and Access Management product line. Prior to One Identity, Shaw was an integral member of Microsoft’s Identity and Access Management product management team within the Windows Server Marketing group at Microsoft. While at Microsoft he was responsible for product planning and marketing around Microsoft’s identity and access management products including Active Directory and Microsoft Identity Manager. Shaw began his identity management career as an early employee at Toronto-based Zoomit Corp., the pioneer in the development of meta-directory products who Microsoft acquired in 1999. Shaw has been involved in directory, meta-directory and security initiatives and products since 1988.

Published Thursday, December 20, 2018 7:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2018>