Industry executives and experts share their predictions for 2019.  Read them in this 11th annual VMblog.com series exclusive.

Contributed by Gerry Gebel, Vice President of Business Development at Axiomatics

Data Security

As new security threats emerge and threaten sensitive customer information, businesses must develop new procedures and adopt modern technologies to improve enterprise-wide data security. In addition, data privacy regulations continue to crop up across the globe, placing an even greater emphasis on data security. The models and tools businesses adopt going forward to protect sensitive digital assets, establish regulatory compliance, enhance the customer experience and gain a competitive advantage are imperative.

As we flip the calendar to 2019, we look ahead to determine what data security trends will dominate business priorities. These trends highlight the challenges businesses face in protecting access to the increasing volume of sensitive data created and stored by businesses today.

Below are the trends we expect to dominate data security in 2019:

Data Service Continue Migrating to the Cloud

This trend continues in force: businesses are migrating all their data, applications, workflows and other business elements to the cloud while they continue launching more artificial intelligence (AI) and machine learning data projects. Traditional storage solutions like on-premise relational databases don't offer the easy, more affordable and agile data storage systems that cloud platforms like AWS and Microsoft Azure provide. As new data services emerge, with new features and capabilities, businesses must evaluate the built-in security features cloud platform and cloud data services offer for any potential vulnerabilities or limitations.

Integrating Security Within DevOps

Modern DevOps techniques help businesses that develop software achieve faster time-to-market and continuously deliver new applications at a rapid pace. By transitioning to a model now called "DevSecOps" and incorporating security into DevOps, businesses can automate security processes, determine their internal best practices and securely bring new features to market quickly. However, security solutions must also adapt because legacy identity and security components aren't always compatible with this new DevSecOps model.

Microservices and API Security is Critical

Microservices, service meshes and APIs are often the channel for accessing sensitive or regulated data. By combining OAuth and Attribute Based Access Control models, enterprises can adopt a more comprehensive approach to access control where fine-grained authorization is needed. Authorization as a microservice is a real business advantage, whether deployed independently or in conjunction with an app's microservice. The benefits this trend will bring include proper management and governance of access scopes, cleaner APIs that are not polluted with security logic and more agile development cycles when offloading security to an infrastructure service.

Regulations Galore

The hype around GDPR continued even after the new regulation went into effect in May. Now there is uncertainty over how regulators will enforce GDPR as well as new legislation arising in other parts of the world. The recently signed United States, Mexico, Canada Agreement (USMCA) agreement (NAFTA 2.0), when ratified, will restrict data localization, allowing data to travel freely across borders, resulting in new data privacy concerns. In addition, Canada is introducing new data protection laws keeping GDPR's standards top-of-mind and California passed the Consumer Privacy Act of 2018 (AB375). These regulations drive organizations to apply new security controls that protect information through a context-sensitive and risk-based access control model across the entire business.

Digital Business Transformation

Transforming legacy systems to create modern digital experiences is still a priority, and an improved customer experience is at the core of this trend. As more industries see new and disruptive entrants, the speed of the development process must keep up to help remain competitive; and businesses must find new ways to leverage, monetize and secure their digital information to enhance the customer experience.

Minimizing the IT Skills Gap

This IT skills gap is caused by overly technical IT tools that require specific expertise to use. It is critical for IT leadership to invest in the training required to ensure employees understand how to utilize various modern technologies. IAM tools are a prime example. Using divergent IAM tools requires different sets of skills for each one. The right training is at the core of implementing IAM technologies, and making sure critical assets are protected from unauthorized users.

Securing Access to IoT Data

IoT is responsible for driving the largest quantity of data into data lakes for businesses to analyze to make business decisions. With so much sensitive data at risk, organizations must control who can and cannot access that data. To help protect the data that IoT devices create, finer-grained access control is required to protect the sensitive data within the data lakes as the large quantity of data continues to flow in. With its ability to apply a policy-based approach to accessing data, as well as dynamically filtering, masking and redaction of the data itself, an Attribute Based Access Control model must be every organizations' first line of defense to control access to data generated through IoT devices. This approach will also extend the built-in security capabilities of the cloud platforms and battle complex regulatory requirements.

##

About the Author