We're growing more connected every day. In fact, Gartner's latest forecast says that in 2016, we'll see 6.4 billion connected things, and that number will to jump to 20.8 billion by 2020. While all these points of connection and data in transit hold great potential for business applications, they also open up new security challenges.
To get some insight into the direction security is taking in 2016 and beyond, I checked in with Stephane Ibos, co-founder and CEO at Maestrano, a cloud-based platform that provides enterprise applications like data sharing, dashboards, guided tutorials and more.
Ibos believes that the cloud is proving itself as a secure environment for business but that the risks of the Internet of Things (IoT) are only starting to come to light. Securing those many points of data transfer will require innovative solutions. Based on past experience, he is certain that those innovative solutions will emerge, particularly from agile companies, but there are still challenges to overcome as outlined below.
IoT: The potential vulnerabilities
"IoT is a fantastic evolution," Ibos says, and it offers a huge potential for quality of life enhancements. But IoT devices also transmit a huge amount of data over the Internet, and that increases vulnerability and imperils security.
Not only can physical IoT devices be stolen and used to hack networks or fake identification, wireless channels are more exposed as they carry increased amounts of data with an increased probability of interception and decryption. In addition, it will be easier to reconstruct a full data set from various small samples collected here and there because the quantity of information exchanged is so great, according to Ibos.
Still, he is optimistic about IoT's future. He points to historical precedent of technology overcoming security challenges. "The early days of radio communication were not secure, until encryption devices were invented," he says. He expects the same pattern will play out with respect to IoT. Though breaches are inevitable, so is the development of new forms of security.
The fact that more businesses are gravitating toward the cloud stimulates more investment to secure it, particularly in the aftermath of headline-grabbing hacks into big companies like
Sony Corp. (NYSE: SNE) In this environment, new security solutions tend to come from smaller and nimbler companies, says Ibos.
Such innovative solutions include biometrics for authentication -- a solution that can work well in the IoT world. Biometric authentication can be a convenient option for non-critical systems, though he cautions that it would be insufficient for information-sensitive systems.
Security at the core
As we've been reading about on The New IP, achieving greater security means thinking about in a new way. "Implementing security at the core requires focus on two key aspects -- data integrity and access control, along with the usual range of security considerations," says Ibos.
This approach amounts to a paradigm shift from earlier views of security as a peripheral layer added at the end of a development or set up as a safeguard mechanism, usually intended to prevent external penetrations. (See Why Managed Security Changes Dramatically in 2016.)
"Much is invested in firewalls, external protection and encryption," but not so much in securing the integrity of the data in the face of a breach from one of those measures, he says. The flaw in that approach is that when such a layer of security is penetrated, it leaves the core of a product, system or company completely unprotected.
Ibos believes that security at the core is essential for all companies that will find their protective layer ineffectual against the increasing number of threats. Yet he says that bigger companies tend to lag behind smaller ones with respect to implementation. Smaller and innovative technology companies appear to be "more educated and more advanced in terms of security at the core."
Security-as-a-service (SECaaS) started out as delivery of security software on SaaS-like, anti-virus programs supplied over the Internet, according to Ibos. But it has since evolved and now also refers to security management provided in-house by an external organization. Like other as-a-service products, SECaaS offers the benefit of lower upfront costs, easy deployment and scalability that result from the subscription model. In addition it guarantees the most comprehensive protection available, thanks to constantly updated threat databases, adds Ibos.
While SECaaS, for the most part, is considered external protection, consisting of anti-virus, anti-malware, and intrusion detection delivered through the cloud, Ibos notes that there is also a growing trend in the SECaaS sector for the provisioning of authentication and security event management services. "This brings SECaaS a step closer to security at the core," he says.
Security: 2016 & beyond
While Ibos says, "Security is a continuous process," he is confident that the process will advance in 2016. But that does not mean all problems will be solved. "Security levels are context-dependent and one could argue that there is no such thing as a 'sufficient level of security,'" he says.
Any system contains risk, though there definitely has been progress, particularly in cloud platforms that are increasingly recognized as providing a reliable and secure environment for businesses.
— Ariella Brown, Freelance Contributor, special to The New IP