In this companion piece to our recent article, The Changing Face of Data Security, we review the findings of the third part of the 2020 Thales Data Threat Report (Global Edition). In this article, we will focus on the primary challenges facing security professionals amidst an evolving technology landscape.
When it comes to the Digital Transformation challenge organisations face, transformational edge technologies like IoT and mobile payments can provide new opportunities, enhance the customer experience and customer engagement. However, as with many cloud-based technologies, the advantages of agility and availability also pose new data security concerns; especially when it comes to the handling of sensitive data.
We all know that change brings risk, but according to the research, respondents seems bullish about the security of new technology. Two thirds believe new implementations to be either very or extremely secure.
Big data continues to keep IT professionals awake at night, with 100% of respondents concerned about security within their big data environments. It’s the potentially borderless nature of these wide area landscapes, and the sensitive nature of the data traversing them, that is proving the most challenging.
The security of reports containing sensitive information topped the list of big data concerns, with the quality or veracity of data following close behind. The location of data is also at the root of many concerns. With new data protection legislation, like the GDPR, proving it has teeth, data sovereignty has become a priority issue.
Internet of Things
No IT security report would be complete without an analysis of the unique pressures brought to bear by the rapidly expanding IoT. By the middle of this year there were already over 7 billion connected IoT devices, a number that is expected to triple by 2025. With this vast landscape, it is no surprise that attacks on connected devices that may impact critical operations are front of mind.
The security of sensitive data captured or generated by IoT devices also ranks highly amongst respondents, as does a perceived lack of skilled personnel to implement IoT security. The rapid expansion of the IoT market makes it difficult to keep up with emerging technologies, plus the physically constrained nature of many IoT devices means a demand for the miniaturisation of some security technologies. It is also apparent that regulatory bodies appear slow to react to the emerging market, with a lack of frameworks and standards to rely upon.
As mobile payments become the new normal, they introduce a unique set of data security challenges. Almost all respondents in the Thales report are concerned about the potential exposure of personally identifiable data and payment card details. The weighty fines dished out by regulatory authorities in recent years have served as a sharp reminder of the consequences of a data breach. Mobile apps are also a growing vector of attack for cyber-criminals seeking account takeover.
As use of containerization becomes more widespread the security market will, no doubt, mature. However, at present, there is some concern over the security of data held in containers, especially if they are a shared resource. There are also widely held concerns over unauthorised access to containers and the potential vulnerabilities associated with container images and patching.
“Encryption, anti-malware, and digital signatures are important solutions for organizations to employ as understanding of containers develops.”
Regarding DevOps, 98% of respondents are concerned about data security of their DevOps environment. Approximately, 1 in 3 of respondents were worried about key management and certificate storage practices which shows there is more work to be done on the understanding the importance of key management and the use of hardware security modules.
Download your copy of the 2020 Thales Data Threat Report