A few weeks ago, Gartner announced what it considers to be the technology trends for 2021 during its Gartner IT Symposium. The pandemic and the current economic and business situation have directly affected these trends which, if in any case they already existed in other years, the crisis has ended up emphasizing or qualifying them in some way.
TOP 3 APPROACHES ON WHICH TECHNOLOGY TRENDS ARE BASED FOR 2021
- People Centricity. : People are still at the center of all businesses, and they need digitalized processes to function in the current environment. Within this theme, Gartner includes 3 trends:
- Internet of Behaviors
- Total Experience
- Privacy-Enhancing Computation
- Location Independence. The pandemic has changed where employees, customers, suppliers, and the organization as a whole work. This need for location independence requires a technology shift to support this new way of working. In this area, the trends predicted by Gartner are:
- Distributed Cloud
- Anywhere Operations
- Cybersecurity Mesh
- Resilient Delivery. Whether it’s a pandemic or a recession, it’s clear that we are subject to a world of high uncertainty, change and volatility. Organizations that are prepared to adapt will resist all types of disruptions. Here are the trends:
- Intelligent Composable Business
- AI Engineering
In this article we would like to highlight some of the comments revolving around some of these trends and how they relate to a data-centric approach to security.
Gartner estimates that by 2025, half of all organizations will have implemented some form of privacy-enhancing computing to process sensitive data in untrusted environments.
It is clear that data privacy has become a global necessity. Digital businesses are structured around data and privacy must be maintained. New regulations will continue forcing organizations to focus on data security.
Data protection at rest is no longer sufficient. Organizations will need to protect their data in transit and in use in this new context to maintain data privacy.
Gartner talks about being able to protect data when external vendors are using it or we have shared it with not entirely reliable partners.
If we move into the realm of unstructured data or documentation, we clearly cannot simply share data with third parties using traditional encryption. Encryption at rest helps us in the event that we lose a device, so that we do not have the data clear. Encryption in transit helps us to prevent our data from getting into the wrong hands in case communications are intercepted. However, it is critical to have encryption in use when we share with third parties: They can see the data, work on it, but cannot decode it to become the owner of it.
When we give our data to third parties, we need them to travel with the protection attached to them, and if they are accessed by unreliable people or collaborators we can control what they can do with it. At SealPath, we usually put the “data embassy” simile: Being able to see the data with control and leaving access to it in a territory (e.g. another company’s PC or device) that you do not control and that could be hostile. The data is yours and you should still be able to manage it, even if it is accessed in another “territory”.
A significant portion of the company’s critical assets and documentation is now outside the logical and physical perimeter of organizations. If this was a reality before the pandemic, the health crisis has accelerated it. Company information is now more distributed than ever in the home of employees, partners, etc.
According to Gartner, it is essential to have a “Cybersecurity Mesh” that allows secure access to any asset (i.e. data, file, device, etc.), by any person and from any place, regardless of where the people and assets are located.
This approach is directly related to the “Zero-Trust” security model where it is stated that access control should be applied to any asset regardless of location.
The company’s security perimeter is closely linked to data and identity. The context is also critical in this regard. It must be possible to determine which identity has access to which data, with which permissions, on which device, and in which location.
As indicated in this article, the concept of Cybersecurity Mesh sounds really practical and is one of the trends most likely to succeed. Attack vectors increase when the work force is remote and it becomes necessary to have the data under control regardless of its location.
If we join the concept of “Privacy Enhancing Computing” we can say that it is necessary to join Encryption + Identity Control + Context, in order to determine who, when, how, and where can access the data.
DISTRIBUTED CLOUD AND ANYWHERE OPERATIONS
New data protection regulations are causing data to move from central clouds where location does not matter much to a more distributed or local environment that takes into account the regulatory restrictions of a given country or business.
Gartner predicts that by 2025, more than half of all organizations will be using the cloud option where the location of preference can be chosen.
If we look at regulations such as EU-GDPR, a distinction is made between the data controller and the data processor. The company collecting the data is the data controller, however a problem with the data processor (e.g. a cloud where we have stored the data) does not exempt the data controller from the problem.
When our data is stored in a globally distributed cloud, we do not know where it is physically located or even who has access to it, so it is important to have tools (e.g., encryption, etc.) to ensure that we are protected against possible leakage. Having data encrypted and under control, independently of the encryption systems that the storage platform we use will facilitate compliance with regulations such as EU-GDPR.
On the other hand, the pandemic has marked the need to be able to work from anywhere. This trend will not go away after the pandemic, and it looks like it will become a true standard. Companies will have to support the business from anywhere and the collaboration “boom” is just beginning. In the following article we explained how tokeep your confidential documents from being compromised during remote work.
As such, Gartner indicates that by the end of 2023, 40% of organizations will be using “Operations from Anywhere” models.
This way of working is intimately linked to the “Cyber Security Mesh” if we want the business to function in a secure manner: It is necessary to operate from anywhere and control access to our data, devices, etc. from any location, person, etc. As we said before, data is more distributed than ever and we must guarantee a secure access to it no matter where it is.
INTERNET OF BEHAVIORS
This is one of the first trends discussed by Gartner. By 2025, Gartner predicts that half the world’s population will be subject to some kind of commercial or government “IoB” program. In this case, Gartner talks about connecting technologies for facial recognition, location, etc. to follow the behavior of certain people and establish behavior patterns. He also talks about the ethical and social debate around these controls.
However, if we take behavior analysis to the information security or corporate data control area, very interesting possibilities are opened to know the risk level on sensitive data. Having a complete analysis of access to my corporate data: Who, with what permissions, from where, number of openings of a document, blocked access attempts, etc. will give me the option to anticipate certain risks on my corporate information, regardless of where it is.
SealPath’s vision has always been a data-centric approach to security that allows us to have control over our data wherever it is:
- Applying encryption not only at rest and in transit, but also in use, which allows third parties to access the data, but not to decrypt it, while maintaining my own control over my sensitive corporate data. That is, improving the control of privacy over the data.
- Being able to control who accesses, when, how, with what permissions, from where, regardless of where the data is located. SealPath allows you to apply a “cybersecurity mesh” over the files so that they can be secure and under control in any location.
- It doesn’t matter if the cloud where I store my documents is distributed, local, public, etc. I can always have them encrypted and under control, guaranteeing an “operation from anywhere” on my data.
- I can have a complete audit of access to my data leaving a record of whether someone tries to access without permission, number of opening operations, etc. that allow me to identify possible “behaviors” and risk situations on corporate data.
Do you want to have your data protected and under control with a protection solution focused on data and prepared for the new technological trends that are coming? Contact us and we will show you how.