Security was one of the hottest topics in 2014 for enterprise technology both in the US and overseas. In the EU, we saw high-profile companies such as HSBC Turkey, Domino’s Pizza in France and Belgium and the Central European Bank in Frankfurt become the victims of major data breaches. Both employees and customers found themselves in the firing line as customer data was targeted -- and it wasn’t a pretty sight.
With security threats evolving throughout 2014, better security and data protection are more of a priority than ever for businesses across the EU. The European Commission plans to unify data protection within the EU with a single law, the General Data Protection Regulation (GDPR). It’s expected to be approved this year and will take effect in 2017. The regulation will mandate that companies adopt effective measures that prevent and lower the risk of data breach incidents, as well as measures that will mitigate the consequences after a breach has occurred. It means our customers will need to up their security game in preparation -- not only will they need to protect their own customers, they’ll need to educate them about how they can better protect themselves from security risks.
The effects of GDPR are still a few years away, but looking back at the events of 2014, we expect the introduction of many new technologies in 2015 to help ease the concerns and complications surrounding security more immediately. So what should you be keeping an eye out for?
1. Action from cloud providers: The Apple iCloud hack was quite a shock for many businesses and consumers, and showed providers that it’s in their own interest to uphold high levels of security. The standards and regulations won’t change for providers this year, but that’s not to say there aren’t already a few strong ones in place. It’s about how they are implemented and architected. For instance, most cloud-based offerings should deliver open application programming interfaces (APIs) to allow seamless interaction between their services and ensure that they adhere to all the security standards to prevent being hacked. For example, last year Rackspace announced an API uptime guarantee for its private cloud, which is powered by OpenStack. Box also delivers APIs and uses Okta to improve IT oversight and maintain confidentiality while sidestepping firewalls.
Ultimately it’s the cloud provider’s reputation that is at stake. Their customers put their trust in them to keep their data safe. So this year, they’ll need to take a more stringent approach to security standards in order to improve protection for businesses operating in the cloud. As a starting point, this should include complying with industry standards for cloud security, by meeting the TRUSTed Cloud Program Requirements and EU Safe Harbour requirements.
2. Say goodbye to the password: OK, maybe not quite yet. But we’re definitely going to see other forms of authentication take over from passwords this year, and not on a small scale. Late last year, we saw MasterCard and Visa announce they were teaming up to develop a new security standard, 3DS 2.0, which aims to kill off passwords for online transactions. Just this week, a new survey revealed that young bank customers in Europe are keen for biometrics to replace passwords in finance. With all the different online accounts people now hold, it’s alternative password solutions like these that are clearly favourable from a user experience and security perspective.
One solution we’ve been rooting for is multi-factor authentication, which requires two or more factors to verify the legitimacy of the user. It’s evolved a great deal since it was introduced in the last decade, and this year we’ll see it get even stronger as biometrics and advanced technologies start to get thrown into the mix.
3. Securing your users: With the move to the cloud almost inevitable for many businesses, the real security issue that needs addressing is not how secure the cloud is, but rather the lack of visibility and control that it presents. With almost any technology at their fingertips, employees will use whatever they need to get their work done -- even if that means accessing applications without IT jurisdiction. Our 2014 research revealed that only 9% of IT decision-makers are highly confident that they have full visibility of all the applications being used by their employees. This shows that you not only need to secure your systems from malicious outsiders, but also from the actions of employees. This is not to say they’re always a threat. They can unintentionally create a security risk for the organisation through a simple error.
This year identity management systems will become more sophisticated in EMEA, and specifically more friendly to mobile devices as well as to the end user. These could include features such as push messaging to mobiles for approving authentication, embedded biometric sensors, Bluetooth Smart-based authentication and the uptake of contactless and NFC-based methods.
Security was a big deal in 2014, which has served as a wake-up call for the industry. But by using these 3 strategies, you’ll be better protected in 2015 and able to focus your attention on the business, rather than worrying about security.