The universe of mobile and connected devices is expanding at a rapid rate, leading to the proliferation of data transmission between applications, devices and enterprise systems. According to a recent IDC report, there are more than 1.4 billion smartphones worldwide, with that number expected to increase to more than 1.8 billion by 2020. Additionally, there are currently 6.4 billion “internet of things” connected devices, and by 2020, it is expected that there will be 20 billion connected devices. While this mass adoption presents tremendous opportunities for organizations to innovate, the deluge of data being generated also makes these devices, applications and back-end systems prime targets for cybercriminals.
Enterprises across most industry verticals, including retail and the public sector, are recognizing and adapting to changing consumer preferences. These include an increase in engaging and transacting business via mobile devices, entering personal, financial and confidential information into mobile browsers, and trusting that applications which enable great personal convenience will pose no personal threat. However, in 2017 and beyond, organizations will be tasked with responding to the changing technological landscape, to protect their brand and reputation by securing both the privacy of their customers and their sensitive data.
End-user authentication measures will expand with new technologies such as biometrics and 3D Secure to add trust and security in an interconnected world
While fingerprint scanning was the first biometric authentication technology to reach mass adoption, it is just the beginning. In 2017, we will see iris scanning and facial recognition technology being used more regularly as forms of authenticating that users are who they say they are. For example, as the health care industry increasingly incorporates mobile-based applications, wearables, and connected medical and health care devices, it is critical that staff are able to identify patients with a higher degree of certainty. Biometric verification solutions can provide the high degree of identity assurance and authentication needed for health care applications.
In addition, multifactor authentication helps identify the person more reliably by applying multiple different sources of verification simultaneously. Combining biometric authentication with other types of authentication provides added trust that helps reduce fraud and the costs associated with fraud, as well as increase the quality of patient experience and trust.
While authentication technologies help verify the user, they do not solve the issue of potentially making the sensitive data accessible to others. Organizations must think about not only how to authenticate users, but also how to secure highly sensitive personally identifiable information and other potentially “toxic” information while still providing access to that data for analytics, insights and innovation. Format-preserving encryption, which does not break the value of data (the relationships, context, format and meaning) but de-identifies sensitive information, complements authentication technologies to enable secure access.
Data privacy moves away from check-box compliance to form a positive partnership with cybersecurity
Most enterprises have focused on data breach protection measures with varying degrees of success, sometimes accepting calculated risks as attacks tended to primarily yield payment card information. However, cybercriminals are increasingly targeting personally identifiable information (PII) with the intent to steal and monetize identities. With connected applications and devices, such as connected home, car, medical devices and more, there is a dawning realization that a security breach can cause physical harm to the individual person. Here, too, a data-centric approach to protecting sensitive data at the data level mitigates risk and neutralizes the effects of a cyberattack.
At the same time, there is increasing focus on just how much data privacy consumers are knowingly and unknowingly giving up with today’s technologies. The European Union General Data Protection Regulation harmonizes the data privacy regulations of the 28 member states, but also has worldwide impact upon enterprises doing business with EU customers, no matter where they are located. Encryption and pseudonymisation technologies can be used to comply with the security requirements in Article 32 of the GDPR, and help mitigate the risk of a data breach by removing the obligation to report a data breach and avoiding the very high penalties associated with noncompliance. While Europe, the Middle East and Africa have taken the lead in data privacy regulation with GDPR, other regions will soon follow.
Data-centric security will become broadly recognized as an innovative technology for the secure movement and use of data assets across enterprise ecosystems
Enterprise IT organizations are struggling to balance the pursuit of data insights and innovation with protecting against cyberattacks and assuring regulatory compliance. Mobile provides an influx of PII, which adds to the security challenges as sensitive data moves through the data lifecycle from the source to the data lake. Finding solutions that apply to legacy applications and also work in the cloud and with big data, mobile and IoT technologies will become more critical than ever as the traditional network perimeter has moved to the customer’s pocket.
In 2017, organizations will protect data end-to-end, from point of capture to storage, from beginning to end of the lifecycle, enabling the implementation of new technologies to support the business, and to keep legacy applications and business processes unchanged wherever that’s needed. A data-centric security approach that leverages proven and standardized format-preserving encryption and tokenization solutions will allow for flexible processing and analytics on the data, mitigating the risk of a data breach and closing many of the gaps that attackers would exploit.
Organizations should be thinking about new mobile technologies and innovations on the horizon and start preparing now for how security will need to be integrated. The ever-increasing volume of data will certainly continue its climb in 2017, and it will only become more critical for organizations to protect this valuable asset from cybercriminals and ensure user data is safely encrypted. Whether it is authentication technologies, the increasing number of connected devices at everyone’s fingertips or GDPR, a data-centric approach to security can ensure that privacy and data protection will not be compromised in the name of innovation.
About the Author:
Smrithi Konanur, Global Product Management, HPE Security Data Security, is a frequent contributor of articles and an invited panelist at retail conferences. Recent articles include Payment Ecosystem Security in the September 2016 ISSA Journal, and EMV One Year Later, and the Rise of Card-Not-Present Fraud, in the Voltage.com blog. She also was a panelist at the Mobile Payments Conference in Chicago. Download her latest podcast on