Information security is a perennially hot topic, but as 2016 kicks off, many organisations look to take stock over the past year and consider what the coming months may have in store.
Breaches of information security have certainly maintained their notoriety, hitting the headlines regularly in 2015, with major breaches hitting companies such as TalkTalk and Vtech.
Below are some expert, thought provoking, security-related predictions from the team at Rapid7, with everyone from Rapid7’s CEO & President, Corey Thomas, to the company’s Global Security Strategist, Trey Ford, weighing in, offering insights around what they think lies ahead for 2016.
Tod Beardsley, Security Research Manager at Rapid7
“I believe, and fervently hope, that the security issues dogging the Internet of Things will reach a critical level of both awareness and accountability. Given the growing coverage in mainstream media outlets about the state of security with IoT, I expect to see vendors of IoT devices take on real responsibility for the security of their devices. We in the security industry all know that hacking IoT devices is like dropping back ten years, and I believe that the mass consumer market will drive creative and realistic solutions to the problems of old software, old build processes, and the fractured patch pipeline.”
Rebekah Brown, Threat Intelligence Lead at Rapid7
“We will continue to break free from the echo chamber. We are already seeing this with security researchers spending more time talking to law makers and infosec professionals actively reaching out to engage with non-security sector organisations. This trend will (hopefully) continue into 2016 and will help break down the communication barrier that continues to plague us as an industry.”
Jen Ellis, Vice President of Community and Public Affairs at Rapid7
“We’ll see the massive focus on cybersecurity in the policy sphere continue, and perhaps even increase, with organisational and system changes made to reflect this prioritisation. With this continued emphasis on cybersecurity in the Government, I hope we’ll see the level of engagement between policy makers and the security community increase, and I hope we’ll see it drive positive outcomes. However, I am concerned that we’re likely to see some pretty scary legislation being proposed – we’ve already seen a bill that would prohibit independent security research on cars. It’s on us to educate legislators about the potential fallout of these efforts. I hope we’ll see the security community take a more collaborative, thoughtful, and productive approach to engaging policy makers, so we can avoid legislation that hinders security, rather than helping it.”
Trey Ford, Global Security Strategist at Rapid7
“Come see the softer side of security.
My prediction is probably aspirational: I am hopeful we’ll see more transparency in incident and breach communications. The public isn’t afraid of “yet another breach,” they’re afraid the organisations they have a relationship with will violate their trust. In our series on VERIS, we’ve talked about the questions the public wants to see answered: who took what action, against what systems or information, with what impact, when, and what is being done about it?
Security will continue the shift of focusing more on trust than compliance.”
Guillaume Ross, Senior Security Consultant at Rapid7
“Privacy and security will become more of a concern for consumers in 2016, and perhaps a slight marketing advantage for hardware and software vendors, though it will not become the main criteria for most people choosing a device such as a smartphone or an operating system.
As we are talking about things that will probably not happen, let’s get those un-predictions out of the way:
- The Internet will not get DDoSed by a botnet of fridges and toasters, though a few will certainly take hold.
- The Internet will not get DDoSed by a botnet of smartphones, as they will run out of power after an hour.
- Information Security jobs will not be filled rapidly, as companies will still be struggling to find staff, preferring managed services in many cases, where appropriate.
- No, not everyone will be done patching Heartbleed, and no, the amount of services exposed to the Internet at the end of 2016, including SCADA systems, will not be lower than the amount of services exposed at the end of 2015.”
Corey Thomas, President and CEO at Rapid7
“We’ll see a greater gap between the well-managed and the poorly-managed, our security version of income inequality. The poorly-managed will continue to ignore, pay lip service, and rely mostly on controls. The well-managed will recruit teams directly or through partnerships and build effective programs.”
Optimising and Securing Device Management in a Corporate Environment
By Nadav Avni, Marketing Director at Radix Technologies
The proliferation of digital devices used in every organisation has only grown in the past few years. Digital devices provide greater flexibility and mobility for companies, but they also create more of a burden on IT teams and administrators to manage it all. Is there a device management solution powerful enough to support your corporate needs?
What Is Mobile Device Management (MDM)?
Mobile devices have more capabilities than ever before – and they’re accessing more sensitive and property data, too. In fact, 42% of enterprises now consider themselves mobile-first. As more employees moved to remote work, it underscored the need for greater security. At the same time, it made device management more difficult for IT teams.
Mobile Device Management (MDM) allows the remote management of every device in an organisation’s fleet from a centralised platform that’s accessible from anywhere. It gives complete control of devices and provides a way to manage settings, policies, and security in one place.
The Importance of MDM
Nearly three-quarters (74%) of CFOs said they expect to keep some employees working from home and shift others to remote work permanently. The need to manage devices remotely isn’t going away even when the pandemic is over. Even when employees are working on-site, they still use mobile devices.
Smartphones, laptops, tablets, and other single-use devices all need management. Workers may be in different locations than IT administrators. MDM allows efficient remote management of every device in the fleet regardless of the administrators’ and employees’ location.
Some of the core functions of mobile device management include:
- Managing setting and policies
- Monitoring app usage and performance
- Updating equipment, software, and applications
- Monitoring health of equipment
- Monitoring equipment location, status, and activity
- Remote device control for diagnosis and troubleshooting
- Encryption of email and files
- Segregation for work and personal device use, creating separate and secured environments for work data.
More than Security
Most MDM solutions focus mainly on Enterprise Mobility Management (EMM) and the security layer. A fully-featured MDM/EMM system adds another layer that provides comprehensive device management. This gives IT administrators the ability to manage nearly every type of device running on every major operating system from one platform.
Flexible solutions can be installed as an on-premises solution or on the cloud for reduced latency, redundancy, and end-to-end security with encryption. When you’re running a mobile device management platform in the cloud, the service provider automatically applies updates and patches. Hence, it’s one more thing you won’t need to worry about. It also makes it easier for administrators to access the platform remotely.
Mobile devices increase the possibility of data breaches or leaks. Besides the possibility of cyber-attacks, a staggering number of laptops and smartphones are lost or stolen. On average, 70 million devices are lost or stolen annually, with less than 10% of ever being recovered. This is an exceptionally big problem for managing compliance in regulated industries, such as healthcare, financial, and other businesses.
A robust MDM/EMM software provides end-to-end security and encryption to protect data. Devices can be tracked with geofence and anti-theft filters. If a device leaves an authorised area, it triggers a warning note to administrators, who can remotely lock the device or wipe the data. MDM/EMM apps with advanced security features also create snapshots on the fly even while devices are running to make restoring or recovery from virus attacks or system crashes easier.
Besides automated data audits, these functions help organisations comply with even the most stringent compliance regulations, including GDPR, the EU’s General Data Privacy Regulations. It also acts as an essential element in complying with HIPAA, SOX, FISMA, PCI DSS, and other regulations.
More Efficient Deployment
Devices can be deployed in batches with preset configuration, settings, and corporate policies. By automating enrollment tasks, the devices can be up and running in your environment without user intervention. It all happens in the background the first time a device is fired up and connected to a network.
Besides the platform’s native and priority enrollment modules, devices can also be deployed using a range of platforms. This provides an extremely friendly out of the box experience (OOBE) for employees without tying up IT teams for hours to configure new devices.
Tools for All Stakeholders
Modern MDM/EMM tools also provide sophisticated reporting tools to all stakeholders in the organisation. IT teams can manage the entire device fleet holistically or drill down to any individual device. Managers can look at adoption and usage rates. CFOs can look at the ROI. Each automated report can be customised to show what each group of stakeholders needs to make data-driven business decisions.
Tools for OEMs and Vendors
APIs are usually available for solution developers. That means the platform can be embedded in device firmware and integrated at the factory level for OEMs. System-level integration is also possible, so mobile device management software can be pre-installed and ready to go upon device delivery.
Managing Use and Content
Not every employee needs every functionality on every device. MDM software allows you to apply single-app or multi-app kiosk mode. This creates an encapsulated environment with access to the functionality and apps you determine.
It creates a consistent look-and-feel for devices and control device elements, such as locking down external ports or preventing unauthorised interaction of non-company installed apps. You can limit external internet use or enable/disable Wi-Fi or Bluetooth connections.
Device Management Solution
One of the biggest barriers to continued remote work is the lack of technology and infrastructure to allow remote employees to work productively. Therefore, implementing a modular and flexible MDM/EMM solution is key to successfully and efficiently managing your devices. Look for one that not only accomplishes the points listed above but one that also allows customisation for just about any use case. Take control of your entire mobile device fleet and gain the ability to finally manage nearly every aspect with ease.
2021: A year of digital enablement
By Peter O’Halloran, Vice President, Global Digital Commerce, Fiserv
In 2021, digital innovation will continue to accelerate, allowing businesses to shift to new ways of operating and adapt to changing consumer behaviour and expectations. We will continue to see an increase in digital commerce and alternative payment methods, and more intertwined physical and digital experiences. Here are my five predictions for the year ahead.
- Digital commerce will continue to rise
This year, businesses will be focused on ramping up existing avenues of growth and generating new ones, leaning into experiences and incorporating lessons learned during the pandemic. To stay ahead of the competition, drive sales, and continually engage with customers, we’ll see businesses send out special offers on a more regular basis, integrate loyalty and gift schemes, as well as offer additional value-added services, such as click-and-collect services that allow people to pick up online orders in store, free shipping and better options on returns.
- Physical and digital environments will blend
A growing consideration for businesses is how to optimise and connect digital and physical experiences. There has been an exponential rise in click-and-collect services, virtual queuing and appointment systems. According to 2019 research from Barclaycard, a third of retailers (34%) saw in-store sales increase after offering click-and-collect services. And by digitalising certain parts of the customer experience, businesses from restaurants to salons can operate more safely in their physical locations. Apps that allow customers to order and pay for food in advance, or book time slots for in-person services, are some examples of how businesses will continue to connect the physical and digital environments as they navigate the current landscape.
- Alternative payment methods will proliferate
Consumer payment habits have shifted significantly since the start of the pandemic. The recent Expectations & Experiences report from Fiserv found that a large number of consumers have increased their use of mobile payment apps and person-to-person (P2P) payments, and that they expect those changes to last. We will also likely see an increase in the adoption of proximity payments, such as mobile payments, NFC payments and QR codes.
In addition, the rise of digital payments could also accelerate the adoption of local or regional payment methods to better engage with customers. There are a number of methods that have emerged and already gained popularity, such as Klarna across Europe, Paytm in India and Brazil’s Boleto voucher system.
- Commerce-enabled Internet of Things (IoT) will grow
As consumers continue to expect new payment forms and digital experiences, businesses will continue to adopt more innovative capabilities. There is a growing usage trend for IoT in commerce, such as smartphone-based or voice-enabled capabilities. From grocery, fashion to other day-to-day activities such as paying for petrol, IoT devices can enable businesses to harness customer data to gain further insight into their behaviour and provide personalised offers and services. The new year will see commerce-enabled IoT increase, as well as further digital innovations to help grow revenue streams and enhance customer experience.
- Security will continue to be a priority
As more activity moves online, security is more vital than ever. 2020 saw a proliferation of COVID-19 related scams and fraud, such as phishing emails on relief funds or health information. These trends will likely continue, evolving to latch on to the concern of the moment, and we will see businesses, payment providers and financial institutions increasing their investment in the appropriate fraud solutions to protect both their organisation and customers.
Regulatory requirements will also continue to bolster security and fraud management. In Europe, regulations such as Strong Customer Authentication (SCA), which is part of the EU Revised Direction on Payment Services (PSD2), help ensure that payments are secured with multi-factor authentication, providing additional security and assurance for consumers.
A digitally-enabled future
Many businesses have successfully adapted to a new way of operating. As we go into the new year and continue to navigate the challenges posed by the pandemic, businesses will be able to rely on those learnings to adjust quickly to changes that come their way.
Viewpoint: Autonomous Cloud Security
By Scott Dodds, CEO Ultima
Moving to the cloud securely remains a significant challenge of flexible working
While the end may be in sight for full-scale remote working, most companies are looking to continue with flexible working in some form or other. The benefits that both employers and employees have reaped in terms of cost reductions and flexibility are unlikely to be given up quickly. But in a recent survey of customers, Ultima has found that many challenges still exist for companies if they are to embrace flexible working successfully in the long-term.
The pandemic has forced many companies to innovate at an unprecedented rate, and digital transformation has moved on in a year to a place it would have taken five or more years to do. But many businesses are still struggling with the new normal. They have become more susceptible to cyberattacks, and poor IT infrastructure has resulted in poor employee experience causing productivity and profits to fall.
In a recent survey of over 200 prospective customers, Ultima asked about the challenges they were facing due to current requirements for remote working. Nearly half (41%) cited security concerns as an issue and 17% application access.
IT infrastructure is a cause for concern too. While many companies have embraced the advantages of cloud computing during the lockdown, over a third (37.5%) of respondents, don’t believe they have the capability to move to the cloud. There were a variety of reasons why the respondents don’t think they have the capability, with 16% saying it was due to legacy applications and another 16% saying it was due to budget constraints or challenges. A further 12% per cent blamed lack of in-house technical expertise and another 10% on investment being made in on-premise infrastructure.
The pandemic has created exponential growth in companies requiring cloud services, but their IT staff don’t have all the technical skills to effectively and safely move them to the cloud. This leaves companies open to security vulnerabilities as well as meaning they are not optimising their cloud environment.
While many businesses have risen to the challenges of remote working, infrastructure and security remain an issue. But automated cloud services with in-built security solutions can solve these problems. They can be bought on a pay-as-you-go basis, addressing large CAPEX outlay issues and allowing companies to overcome legacy application issues and provide security that protects both employee and company from outside attack.
Lack of capability and capacity solved
For those companies who’ve still not made the leap to the cloud, automated cloud migration services exist that can overcome the financial and skills shortage barriers to entry. Managed Service Partners (MSPs) can provide technical expertise and technical solutions to make this possible. The results of moving to the cloud can be spectacular too: from an average 30% reduction in expenditure and up to a 750% increase in productivity. They also have no upfront costs.
Using Microsoft Azure’s open and flexible cloud computing platform, for example, combined with automated migration, you no longer need to look after and buy hardware, or sort out power and cooling. Your IT infrastructure and security can be run on a pay-as-you-go basis. And if you need increased capacity, automation means you can extend your on-premises data centres and infrastructure to Azure within a few hours, providing the extra capacity required for critical systems and applications.
Poor security solved
We know that traditional security solutions don’t work well in the cloud. When customers move to the cloud, they try and take their traditional security solutions with them. But as the cloud works in a very different way to on-premises, this leaves companies open to vulnerabilities. You need a made for purpose solution, based on cloud security best practice.
With the latest automation technology security and monitoring solutions are automatically applied to existing and new workloads. It scans the collected data and includes proactive monitoring around security events that will let you know exactly what’s happened in clear-to-understand alerts, and where action should be taken if needed, covering critical areas such as anti-malware. IT staff can view in real-time their security and compliance reporting. Soon we will be able to scan a customer’s environment for security-related bad practice or incidents and make recommendations on how to fix them and even give them a score as to how they are doing.
At Ultima, we’ve also found that on moving to the cloud customers have poor visibility of what is going on in their environment. We know about 25% of companies don’t even realise they have high severity patches missing. This is down to a skills shortage and a lack of time – as patches are often done manually.
With automated cloud services, patching happens automatically on repeat and even scales as your infrastructure grows. If a patch is due and fails for whatever reason the system will automatically create an alert. This information will go to the third line technical team, and they will investigate it themselves, whether that’s your MSP or your own IT staff. The time savings to the IT department are huge – often 100’s of hours a year – enabling them to focus on other projects and have peace of mind about security.
Traditionally, you would do a true-up every month or quarter of your IT environments to bring new things, including security issues, to the management. But when you are in the cloud, you can spin things up so fast, that you will have a gap if you are only doing a true-up every month or quarter. With an automated service, you can automatically onboard things, so you don’t have to wait for the true-up process, which means you have a more proactive security service and less vulnerability. We’ve found that customers who are using automated cloud services have a 66% reduction in security incidents.
Lack of visibility of critical data solved
With ever increasing cloud resources, it can be hard to get visibility into your cloud infrastructure. The technology exists now to automatically scan and configure your cloud resources with centralised logging and telemetry capabilities. As your environment grows, this process repeats itself automatically as it scans and configures itself when new resources are added. This means that all logging information is available, and you can also see on one dashboard insights into your security posture. Usually, it’s hard to see what’s happening from a security perspective – what data is coming in and going out, top destinations, any malicious activity detected in the last 24 hours, etc. Automated services give customers a dashboard that centralises all the information to see what is happening in a simplified format and how your infrastructure is performing at a high level.
These new autonomous cloud services enable companies to free up 100’s of hours of IT staff time and reduce security incidents. Moving to the cloud has previously been a struggle for some companies as costs escalated for support, maintenance and security. New technology has changed that and is ensuring security and infrastructure are no longer barriers to successful cloud deployments and productive, flexible working.
Unexpected Growth Seen for Paint Additives Market by 2022 | Akzo Nobel NV, Arkema SA, Ashland Global Holdings, Inc
Future Market Insights (FMI) has offered a 5-year forecast for the global paint additives market in its new report titled...
Polymer Coated Fabrics Market Research Development, Top Companies, Trends And Growth 2017 To 2022 | BASF SE, Akzo Nobel NV, Saint-Gobain, PPG Industries, Inc
A new market study on polymer coated fabrics, published by Future Market Insights, reveals the changing demands for technical textiles...
Industrial Vacuum Cleaners Market Research Development, Top Companies, Trends And Growth 2018 To 2028 | Alfred Kärcher GmbH & Co. KG, American Vacuum Company, Nilfisk Group
This FMI study offers a ten-year analysis and forecast for the global Industrial Vacuum Cleaners market for the period between 2018 and...
Female Stress Urinary Incontinence Treatment Devices Market Will Exhibit a Steady 7% CAGR through 2029- Future Market Insights
The rising prevalence of urinary incontinence in pregnant women, stress urinary incontinence due to diabetes, gynaecology disorders, and urinary incontinence...
Venous Thromboembolism Treatment Market Study: Mechanical & Interventional Prophylaxis Systems Trend in North America
The global demand for venous thromboembolism treatment market is likely to grow steadily over the forthcoming years. As indicated by...
Aircraft Tire Market – By 2026 Top Winning Strategies, COVID-19 Impacting Factors, Business Strategies | Key Players – Bridgestone Corporation, Goodyear Tire & Rubber Company, Compagnie Générale des Établissements Michelin, Polymer Enterprises, Inc
Future Market Insights has adopted multi-disciplinary approach to shed light on the evolution of the Aircraft Tire Market during the historical period....
Vision Screeners Market CAGR Projected to Grow at 6% Through 2029
Global vision screener sales are likely to near US$ 500 Mn by the end of 2019. According to a new research intelligence study...
Home Sleep Screening Devices Market is Expected to Expand at an 8.4% CAGR Over 2018 to 2028 – Future Market Insights
According to the latest research by Future Market Insights (FMI), global sales of home sleep screening devices exceeded the revenues...
Fifth Wheel Coupling Market – Global Industry Analysis, Trends, Production, Revenue, Gross Margin Analysis and Forecast 2021-2028|Key Top Players- SAF Holland, JOST Werke AG, Guangdong Fuwa Engineering Group Co., Ltd., Sohshin Co. Ltd.
Future Market Insights has adopted multi-disciplinary approach to shed light on the evolution of the Fifth Wheel Coupling Market during the...
Automotive Sensors Market Report Analysis 2021 – 2028 | Global Industry Growth, COVID-19 Business Impact Analysis, Research Report, Trends with Top Key Players
Future Market Insights has adopted multi-disciplinary approach to shed light on the evolution of the Automotive Sensors Market during the historical period....