• May 29, 2014

Meet the Future of Data Security

By Ed Reynolds, Security Strategist, Fellow, Enterprise Security Services, Hewlett Packard Enterprise

Security Sensors, Cryptography, and Defensive Design

Predicting IT developments is always difficult, but you don’t have to see the future to forecast an increasingly hostile environment for information security. The ranks and sophistication of those who wish to cause harm to vital systems and steal sensitive data grow every year. Organized criminal groups and state-sponsored hackers aiming to swindle valuable information and commit economic espionage are becoming more determined. And more skillful.

As the current top concern for most CIOs, data security moves even higher up on the critical list every year thanks to the new tools and techniques developed by data thieves. IT managers must devise new, ramped-up security strategies to safeguard data jewels because existing ones will not be adequate.

Hackers Are Always Looking

Some of the newer and more dangerous risks include:

  • Dynamic malware: These programs continually morph themselves into millions of variants, making them difficult to detect.
  • Frankenstein malware: This approach uses existing code within an application. It essentially rearranges the code to create new negative uses, making it possible to create a virus without developing new code.
  • Kleptography: The dark side of cryptography, this is a way of stealing information subliminally by embedding cryptographic back doors into a program.

Defensive Data Security Design

In this increasingly hostile environment, enterprise data security is undergoing a necessary foundational shift. From the very beginning, applications should now be designed with the assumption that hackers will attempt to break into them. Defense mechanisms must be built in at the outset of a project, not tacked on later. This is a mind-set change from when most software in use today was developed.

Future of date security | Meet the future of data security by HPAlso key is to use an information-centric approach to security. This strategy employs cryptography to secure individual files, rather than just the hardware and systems on which they are housed. So, even if hackers penetrated a network, they would be faced with robust defenses for each file, making their aims exponentially more difficult.

This approach requires IT organizations to hire or contract with cryptographic experts because proper implementation is vital. The challenge here is that these experts are in short supply.

IT Security Sensors

Anticipating an attack by using predictive analysis allows organizations to develop defense strategies before a breach occurs. Intrusion detection and prevention systems look for known patterns of illicit activity. Another proactive tactic that may become popular is monitoring deep operating system activity with security sensors—systems designed to detect suspicious activity and automatically alert security administrators.

A new software development paradigm could be valuable in stopping malware. Malware succeeds because we all have the same version of a software program.

So, what if commercial software came in millions of variants? What if an app store created a new version of code for each user? Multi-compiler approaches do just that and make it very difficult for attackers to target their exploits.

These approaches require sweeping changes and will take time to implement. There’s no getting around the added vulnerabilities that come with the increasing mobility of users. Include some or all of these strategies in your arsenal to create a productive, impenetrable level of security for your most sensitive data.

Please join us for discussion in the Enterprise Forward LinkedIn Group.