Information technology is a rapidly changing field and IT security even more so. Since the introduction of GDPR in 2018, we’ve seen a shift in emphasis towards personal data and ensuring it’s held in accordance with compliance rules. This, in turn, has put more pressure on firms to guard personally identifiable information (PII) effectively, in addition to understanding what data is being held, where and for what purpose.
But this emphasis on data protection has perhaps taken focus away from some of the other trends that are shaping the industry, all of which have security implications.
The move of data and systems to the cloud has been happening for some time and it shows no signs of slowing down. By next year, over 80 per cent of business workloads are expected to be in the cloud.  In order to protect this data, enterprises need to be aware of their responsibilities and those of the cloud provider.
They also need to consider the mandatory use of encryption for any data that is transited to a public cloud service. This needs to be made as seamless as possible in order to prevent users from attempting workarounds.
It’s an increasingly rare software package that doesn’t now claim to use some form of AI. There is clearly demand for solutions that incorporate AI, machine learning and sophisticated analytics technologies. This is as true of security as anything else.
AI and related technologies offer the opportunity for lighter weight security solutions that don’t need to be backed by the extensive databases of old. This is, however, no excuse for failing to put effective policies and controls in place, such as conducting regular risk analyses and keeping on top of configuration management.
If AI is the current ‘big thing’ in the world of software then blockchain is likely to be the next one. Currently associated primarily with the handling of cryptocurrencies, blockchain has major prospects when it comes to the secure handling of transactions and contracts.
Blockchain makes it hard for hackers and cyber criminals to tamper with data and does away with the single point of failure as all transactions are interdependent. There are already some live applications such as the US Food and Drug Administration using blockchain to secure the sharing of health data.  While it has yet to enter the mainstream, blockchain is definitely something that security professionals need to keep a close eye on.
Internet of Things risk
We’ve already seen Internet of Things devices used to carry out several significant cyber attacks.  These remain a risk because the devices themselves usually have little spare capacity for protection, but also because in the rush to bring IoT equipment to market, security can often be seen as a secondary consideration.
Defending against these risks requires a back to basics approach. For the devices themselves, default passwords need to be changed immediately on installation. Companies should also look to source equipment from reputable manufacturers rather than saving a few pounds in buying cheaper alternatives. But IT managers also need to be on the alert for ‘shadow’ devices appearing on their networks that may potentially lack protection. For now, the onus is on companies to protect themselves, but expect legislation at some point to require a security by design approach.
In all of this, it’s vital to remember that the old threats of phishing and social engineering haven’t gone away and techniques are becoming more sophisticated. While gearing up to deal with emerging issues, you can’t ignore the existing ones.
If you have adopted cloud technologies already or are thinking about it, give Cloudworks a call and we will find the best strategy and solution to fit your business. We are experts in migrating businesses to the cloud and adopting new cloud strategies.
Call us on 0115 824 8244 or email firstname.lastname@example.org to find out more.