1st article*: A professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats.
Data security has always been one of the critical points in the IT industry, which has developed a real phobia for understanding, prevention and threat intelligence that addresses the inherent vulnerabilities of a system. The digital revolution generated by large technologies adoption in business processes has led on the one hand to mitigate risks but also generated new threats associated with key unexplored.
In his permanent engagements in innovative technology research and new trends adoption, IDC is developing a large frame of activities dedicated to data security and data privacy issues. Part of this engagement, IDC IT Security Roadshow examines global and regional trends related to security and provides actionable advice and best practices for organizations in an era of digital transformation.
Organizations increasingly invest in 3rd-Platform technologies primarily to spur business efficiency and improve business agility, and transform themselves into digital enterprises. These digital enterprises have dedicated fewer resources to securing their 3rd Platform-enabled technology infrastructure in recent years. They are now giving a higher priority to deploying advanced security solutions, as next generation technology investments pose higher security risks. IDC predicts that by 2017, over 10% of security investment will be spent in connection with personal data protection and regulatory compliance.
This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is inviting security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.
IDC IT Security Roadshow 2016 is first of all a powerful concentration of forces to communicate, to invite, support and disseminate information of the highest value to a heterogeneous community of specialists. It’s hard to organize and to hold an event. IDC Security Roadshow includes 20 events, in 20 locations in 18 countries from CEMA region, addressing over 3000 experts.
Bucharest was the 10th Roadshow location, after the conferences that have already taken place starting February in Kiev (Ukraine), Prague (Czech Republic), Moscow (Russia), Belgrade (Serbia), Zagreb (Croatia), Nicosia (Cyprus), Budapest (Hungary), Bratislava (Slovakia), and St. Julians (Malta).
Until September 2016, other ten conferences will be held in: Warsaw (Poland), Almaty (Kazakhstan), Athens (Greece), Tbilisi (Georgia), Baku (Azerbaijan), Minsk (Belarus), St. Petersburg (Russia), Cluj (Romania), Vienna (Austria), and Tashkent (Uzbekistan).
Bucharest conference gathered together leading specialists in IT and cyber security independent experts, recognized analytics and key market players to discuss about: threats and vulnerability management, identity & access management, Web security & mobile security, network security, endpoint protection and threat intelligence security services.
Within last three years, many Romanian companies were exposed to an increasing number of cyber-attacks and were forced to take emergency measures to prevent the threat and overcome the consequences. Unfortunately, the number of cyber-attacks will continue to increase exponentially in the coming years. During his introductory keynote, Thomas Vavra – Associate Vice President Software IDC CEMA, presented a series of facts shaping Romanian IT security landscape related to cybersecurity law adoption and the critical importance of European efforts toward a harmonized regulation frame for all the countries. European Data Protection and EU-US Safe-Harbor Privacy Shield are key part of European Commission strategy to create the Digital Single Market.
A happy coincidence made that just during the conference in Bucharest in April 14th, the European Parliament announced final vote for the long-awaited General Data Protection Regulation (GDPR). EU members will now had two years to implement the new regulations, proposed by former EU justice commissioner Viviane Reding four years ago. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.
Made in practice, GDPR will give citizens of all 28 member states more information on how their personal data is processed, presented clearly and understandably. They have now the right to know as soon as possible if their personal data is ever compromised, while the “right to be forgotten” has been clarified and strengthened. It will also become easier for people to transfer data between service providers, with the introduction of a right to data portability. The EU also said it saw benefits for businesses, with companies having only to deal with one supervisory authority across the EU, as opposed to one in each member state in which they operate.
IDC’s critical considerations exposed by Tomas Vavra in Bucharest refers to the necessity for a correct evaluation of the impact of proposed data protection rules by a continuous monitoring of data processing procedures. Extending existing solutions to meet specific requirements of national and regional data protection regulations is also a must. Any company and any organization had to plan ahead to have data protection solutions in place prior to their impact in business and operations.
IDC Top 3 Cybersecurity Predictions
#1: Data Protection Regulations – By 2019, 25% of security spend will be driven by the EU and other jurisdictional data regulations, leading to a patchwork of compliance regimes;
#2 Data Breach Impact – By 2020, more than 1.5 Billion People will be affected by data breaches, increasing calls for regulation and alternative authentication measures;
#3: Biometric Authenticated Transactions – By 2020, one-fourth of all worldwide electronic transactions will be authenticated biometrically, driven by the use of biometric-enabled devices.
What is clear in this moment is organizations should rethink their security strategies and to adapt their prevention and protection platforms to the new paradigm. In the actual context of digital transformation, data protection and data privacy are between most disrupted factors. Cloud intensive adoption, Internet of Think platform impact in all industries and mobile apps explosion opened new fronts for new vulnerabilities and more dramatic threats.
Adoption of 3rd platform and innovation driven business demands security evolution. Next-generation security solutions should be designed for distributed architecture, incorporating intelligent threat tools offered by Big data and Analytics technologies and data security anomaly detection based on contextual awareness and machine learning advanced mathematical models.
One of the newest and most emerging trend in data security is integration of biometric identification technologies. IT providers have quickly adopted alternative identification technics launching new smartphone models with fingerprint sensors, electronic payment with fingerprint reader as secondary validation system, voice recognition sensors in call centers, facial recognition scanners at events, or iris scan authentication at ATMs.
Unfortunately, a long series of incidents caused by hackers who broke biometric safety barriers and stole entire fingerprint data bases dismounted limits of new technologies credibility. A very active opposition is generated also by a large diversity of lobby groups demonstrating against privacy issues generated by large biometrics adoption.
In his critical considerations and advises for the industries, IDC specialists recommend a carefully adoption of biometric technologies and only as supplementary identification. Passwords are not death. Any biometric system should be designed on deeply analysis of customer behaviour, consolidating the traditional methods of biometric data protection.
Ending opening keynote Thomas Vavra outlined the IDC’s key takeaways relating to security protection and data privacy:
- Organizations should achieve full compliancy to rapid development of national and regional regulations;
- Legacy security solutions are insufficient against modern and advanced threats opened by digital transformation;
- New strategies should be based on intelligent solutions and services, engaging expert partners able to deliver proactive prevention;
- 3rd Platform development requires optimum solution for improving identity and authentication;
- Security specialists are key assets in any organization which should consolidate more efficient recruitment and retention program, providing also properly security training for all employees.
Concluding, we have to be optimistic. Keep strong passwords and your data will be safe. Even for security industry the best is yet to come. The staffing impact of the GDPR will be huge. More than 28,000 data protection officers (DPOs) will be required in whole Europe alone according GDPR regulations, says the International Association of Privacy Professionals (IAPP).
*Note: This is the first episode in a mini-series of articles dedicated to Bucharest conference included in the IDC IT Security Roadshow.
Photo Sources: IDC