Unless you’ve been living under a rock for the last few years, you’ll already be familiar with the buzzwords du jour: blockchain and the cloud.
One has become an established reality of modern business. The other is set to change everything… but nobody seems quite sure how, or why.
As it happens, we believe both cloud and blockchain technologies will have a tremendous impact during 2019, albeit by solving completely different problems, and both will bring with them a host of new concerns for security professionals.
Few technologies have changed corporate IT infrastructure as much as the cloud. But for all its benefits, cloud technology — and multi-cloud in particular — dramatically increases the attack surface of organizations.
Simply put, the more complex an organization’s IT infrastructure is, the harder it will be to secure. Modern multi-cloud environments add tremendous complexity to the average corporate network, and many organizations simply don’t have the skills and resources in place to adequately secure their cloud environments.
Which brings us to our 2019 predictions for the cloud:
- Organizations will take cloud security more seriously in the wake of several high profile breaches. Uptake of Cloud Access Security Brokers (CASBs) will increase, and there will be tremendous demand for security professionals with the skills and experience to work in a multi-cloud environment.
- Even more stress will be placed on the skills shortage. In our first 2019 trends post, we noted that the need for cybersecurity professionals vastly outweighs the number available. When it comes to cloud security, which is a specialized field, that imbalance becomes even more acute. Our prediction, which is really more of a statement of fact, is that organizations will be forced to upskill existing security personnel, as finding experienced cloud security professionals will be extremely difficult.
- There will be more cloud security incidents. Again, this is our prediction, but in reality, it’s a near-certainty. Cybercriminals will go wherever they can make money, and once organizations start storing valuable data in the cloud you can be sure cyber activity will follow. It’s also worth noting that cloud services have a larger attack surface than traditionally-hosted systems, making them a more appealing (though not necessarily easier) target for cybercriminals.
- There will be at least one major cloud breach where the affected organization blames its cloud service provider. This one has been on the cards for a while, and we believe the wait will come to an end in 2019. It remains to be seen how regulators will determine fault, but it seems unlikely that pointing the finger elsewhere will be enough to avoid repercussions.
Even more than the cloud, blockchain is the buzzword of the moment. Organizations all over the world are clamoring to become early adopters, and blockchain technology is already being adapted to fit the needs of every major industry. And, naturally, as the adoption of blockchain technology rises, it will increasingly be targeted by cybercriminals.
Perhaps the most important thing for early adopters to understand is that blockchain technology is not inherently secure. In order to withstand cyber attacks, blockchain architecture must be developed and configured with security in mind. While some organizations are understandably in a hurry to realize a use case for blockchain technology, security cannot simply be added as an afterthought.
So far the vast majority of blockchain attacks have been financially motivated, and have consequently targeted the public blockchains utilized by popular cryptocurrencies. However, as organizations start to trust blockchain technology more, and use it to store sensitive (and therefore valuable) information, we can expect to see an increase in attacks on private blockchains.
In terms of 2019 predictions for blockchain technology, we have four:
- There will be a lot of investment in blockchain technology. We’ll continue to see heavy investment in financial applications of blockchain, but we should also start to see financiers taking an interest in the technology’s wider applications.
- Security industry players will aim to develop a unified framework for integration in blockchain. Whether this will be completed during 2019 is difficult to say, but ultimately there will be an agreed set of security protocols and best practices for blockchain technology.
- There will be a rise in blockchain uptake for the identity management space. Nobody likes giving away their personal information, and passwords are inherently a bad security protocol. Blockchain technology can solve both of these problems, so expect to see plenty of activity in this space during 2019.
- Privacy poisoning will become a thing. One of the major selling points of blockchain technology is that once information is recorded, it’s extremely difficult to remove it. Unfortunately, this will leave poorly implemented blockchains open to so-called “privacy poisoning,” where personally identifiable information (PII) is stored in a non-compliant way, but can’t be easily removed. There’s a simple solution to this problem (privacy by design and a ban on free text) but we can expect to see cases of privacy poisoning in 2019 nonetheless.
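An added example, not from the original post: one way to enforce the "ban on free text" mentioned in the last prediction is to validate every record against a closed schema before it is appended to an immutable ledger. The field names, the `Ledger` class and the sample records are hypothetical; the subject is referenced by an opaque token whose mapping to a person is assumed to live in a separate, erasable store.

```python
import hashlib
import json
import re

# Hypothetical closed schema: every field is an enum, a bounded integer or a
# fixed-format token. No field accepts arbitrary strings.
HEX32 = re.compile(r"[0-9a-f]{32}")
EVENTS = {"consent_granted", "consent_revoked", "access"}
SCHEMA = {
    "event": lambda v: isinstance(v, str) and v in EVENTS,
    # Assumption: opaque reference; the person it maps to is kept off-ledger.
    "subject_ref": lambda v: isinstance(v, str) and HEX32.fullmatch(v) is not None,
    "timestamp": lambda v: type(v) is int and 0 <= v < 2**32,
}


def validate(record):
    """Return the reasons a record must not be written (empty list = OK)."""
    problems = [f"unknown field: {name}" for name in record if name not in SCHEMA]
    for name, check in SCHEMA.items():
        if name not in record:
            problems.append(f"missing field: {name}")
        elif not check(record[name]):
            problems.append(f"invalid value for: {name}")
    return problems


class Ledger:
    """Minimal append-only hash chain: entries cannot be edited or removed."""

    def __init__(self):
        self.blocks = []

    def append(self, record):
        problems = validate(record)
        if problems:
            # Reject before writing; after writing it is too late to redact.
            raise ValueError("; ".join(problems))
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.blocks.append({"prev": prev, "record": record, "hash": digest})
        return digest


# Constructed sample records: BAD carries a free-text field containing PII.
GOOD = {"event": "access", "subject_ref": "9f" * 16, "timestamp": 1546300800}
BAD = dict(GOOD, notes="Jane Doe, 12 Main St, called about her account")
```

The check has to run at write time, because once a free-text field has been chained into a block there is no compliant way to take it back out.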
Whatever You Do, Do It Properly
New technologies are exciting, but they can (and usually do) also cause problems for organizations. Even relatively mature technologies like the major cloud platforms can be tricky to administer and require careful planning and development to ensure there are no major security flaws.
Ultimately, an organization’s ability to safely adopt new technologies will come down to one thing: whether security is considered at the outset, or simply “bolted on” at the end.
The former, while more costly and time-consuming, is a strategy that will enable organizations to realize the benefits of transformative new technologies without drastically increasing their risk profile.
The latter, however, is a recipe for disaster.