Successful businesses are built on a strong foundation, including highly secure technology and fully protected data, that enables trust-based partnerships with customers and employees.
But what happens when the foundation shifts? When underlying assumptions for security have been fundamentally broken?
As outlined in Accenture Security Technology Vision 2018, this is the quandary facing the security sector now. C-suite executives across the business, led by the CISO, must respond quickly by rethinking their approach in three core areas:
Upgrading cryptography to withstand quantum computing and enable future business operations
Securing hardware to the same level as software in the wake of recent microprocessor attacks
Building explainable security programs to continue intelligent monitoring in the era of stricter regulations
Intelligent Enterprises will rise to the challenge with each of these security trends—both by understanding the business implications and taking strategic steps to improve security on all fronts.
Previewing the trends
To pique your interest, here are some highlights from each trend.
The Tipping Point for Cryptography—Existing cryptography methods—public key encryption, digital signatures and key exchanges—are on the verge of extinction because quantum computing jeopardizes the strength of the underlying math. A layman’s translation: all cryptographic methods and systems that support identity, communications, confidentiality and privacy across the company and with ecosystem partners and customers will need to be replaced to be sound and secure—no small task.
How quickly will the inflection point for quantum arrive? Most estimates for commercially available quantum computing range from 10-20 years, but Accenture believes that national labs and nation states will quietly break that processing barrier by 2025. The timeframe to begin planning for strategic mitigation is now.
Hard Lessons on Hardware—The early 2018 announcements about Meltdown and Spectre—CPU-level bugs—jolted the complacent view that microprocessor technologies in servers powering enterprise systems and applications, as well as in desktops, laptops, tablets and smartphones, were inherently safe.
As a result, security executives must accept that a much broader attack surface is the new normal and rethink the cyber resilience of business operations. This includes revisiting every aspect of how they are delivering core and customer-facing business processes—down to the hardware and delivery platforms.
Among the lessons learned: Companies already operating in the cloud experienced much less disruption, since large-scale cloud vendors were within the boundary of the embargo and were given six months of lead time to prepare and execute patching; greater hardware diversity (GPU, FPGA and custom hardware accelerators) may provide a better defense in future hardware architectures.
Additionally, GDPR provides a clear signal that the days of arbitrary data collection and unbridled profiling are gone. The onus is now on business leaders to create and maintain explainable programs that clarify not only what customer or employee data a company is collecting, monitoring or analyzing for insights, but also why the business is doing so in the first place.
This is especially true with AI-based security monitoring and insider threat programs that leverage behavioral, temporal and spatial monitoring to identify outliers or unusual activity. Under GDPR, these security programs will need to be reinterpreted and clearly show how they support core cyber defense processes.