Executive Viewpoint 2017 Prediction: SecureAuth – Themes for the Year to Come
In 2016, we saw countless achievements in the information security space. However, cybercriminals continued to refine their tactics as well. Cybersecurity never slows down: both the industry and our challengers will keep marching forward. So what can we expect in 2017? How will the threat landscape evolve and how can we prepare ourselves? Here are my predictions for the year to come:
1. Biometrics On the Rise
Next year, biometric security technology – such as fingerprints, facial recognition, iris identification and more – will be seen as a simpler way to confirm who you are and thus become increasingly common. In addition, we will start to see biometrics applied more with phone/device authentication, instead of simply on their own. Now, there is no technological silver bullet when it comes to information security. While it’s incredibly difficult to replicate biometrics used for verification, they are not impervious to a determined adversary. Organizations will need to layer this technology within another verification technique, such as device authentication. In 2017 and for the foreseeable future, security will continue to be about layers.
2. The Year (or Decade) of Hybrid Cloud
Cloud computing clearly offers enterprises many benefits: agility, scalability, cost savings and more. Part of the challenge for organizations, however, has been navigating what is becoming more of a religious question of sorts: cloud or no cloud. Unfortunately, this question has kept many organizations from finding ways to meet their needs for cloud and on-premise applications. Next year, enterprises will continue to move cautiously towards hybrid solutions, especially since they may not be willing to move mission-critical applications to the cloud any time in the near future. Vendors will also continue to develop solutions that can enable organizations to succeed in this new hybrid world.
3. Consolidation Where Possible, Integration at a Minimum
Over the course of this next year, we will continue to see significant merger and acquisition events in the security space. However, vendors will also develop additional standards, application programming interface integrations and workflows that resolve business issues across siloed security technologies. Vendors are trying to be a one-stop-shop and not meeting the needs of the enterprise, as opposed to integrating well with other technologies. Customers always prefer fewer technologies, but significant problems are not always well solved by those vendors that offer more.
4. Attackers Continue to Circumvent 2FA
2016 saw multitudes of high-profile data breaches: Yahoo!, DailyMotion, the DNC, and these events shook both consumers and businesses. Many organizations will continue scrambling to implement two-factor authentication, but past events have shown that is an outdated, and reasonably unsuccessful, solution. Cybercriminals can easily circumvent this technology and I am not sure they will need to do much more evolving. Bad actors will simply use the methods they use today to sidestep simple second factors. In 2017, companies will, and must, take a more layered approach around securing identities and not rely on two-factor authentication.