enterprisesecuritymag

Top Enterprise Security Predictions 2021

By Fabian Eberle, COO and Co-Founder, Keyless Technologies

1. The adoption of zero-trust technologies will be accelerated to cope with the mounting threats targeting remote workforces.

After the events of last year, we expect to see an unprecedented acceleration of digital transformation strategies – in particular the adoption of zero-trust solutions. Unlike firewalls, which can work well for securing office environments but offer no protection in remote environments, zero-trust models assume that nobody can be trusted, and therefore require users to continuously authenticate - making them perfect for remote environments where it’s impossible to physically verify a user’s identity. Zero-trust models have traditionally been synonymous with a lessened user-experience, however, modern solutions leveraging biometrics and other frictionless device-based authentication methods, are paving a new path for zero-trust security models to flourish without compromising on productivity or user-experience.

As well as providing frictionless authentication, we’re likely to see the adoption of zero-trust solutions to secure access management and authorization controls. If we think of authentication as the step a user takes to gain access to a system, we can think of access and authorization as the steps users take to move around within a system and take certain actions. Fast, frictionless multi-factor authentication solutions can help enterprises move closer to a zero-trust environment by enabling more frequent access and authorization checks.

2. We’ll see greater demand for privacy-enhancing technologies to help secure cloud environments and sensitive data

Data breaches are an increasing threat to organizations. With the adoption of cloud technologies and biometrics, enterprises are going to be forced to think about how they secure sensitive user authentication data. As we head further into the next decade, enterprises are going to shift away from centralized, local storage systems and databases, to distributed cloud storage systems that leverage privacy-enhancing technologies.

Distributed storage systems are more secure as, rather than storing sensitive data in one centrally managed location, sensitive data is stored across different hubs hosted on the cloud, rather than being kept in centrally managed locations (where it’s easy for bad actors to locate and compromise). 

To enable the secure transfer, storage, and processing of private data to the cloud, enterprises are going to look to adopt privacy-enhancing technologies or solutions leveraging them. Privacy-enhancing technologies is a blanket term for a small number of technologies that are specially designed to allow the secure processing of private data without jeopardizing the data’s contents. Two of these that are gaining the most attention are Secure Multi-Party Computation and Homomorphic Encryption. Both are privacy-first technologies that enable the secure processing of encrypted data in untrusted environments, thus enabling companies to share, process, and store encrypted data in a way that doesn’t jeopardize privacy or security.

3. We’ll see governments and businesses embracing emerging solutions for decentralized identity management

The events of last year highlighted the need for standardized, universal methods for verifying identities online, and at the same time, exposed the systemic security and privacy flaws when it comes to managing identities using centralized systems. Centralized systems are vulnerable to attacks and privacy breaches and thus, storing a user’s personal information in such systems can be disastrous when it comes to privacy. Decentralized identity solutions promise to lift the burden of managing an identity away from a centralized party and transfer that responsibility to an individual. This is enabled by decentralized ledger technology, such as a blockchain, which enables the secure, trustless transfer of private information between an individual and a service that he or she wants to connect to. There are already standardized methods for verifying a user’s identity leveraging decentralized technology, and we expect to see more businesses and government organizations embracing these standards to help secure their private and personal data, while also helping to minimize the impacts of internal data breaches.