Following a challenging year for server security, one big question remains: where is the industry headed in 2019? How do we rethink our approach in the wake of Spectre & Meltdown? What are the dangers on the horizon, and what sort of innovation can businesses use to combat them?
I spoke with our Dell Fellow, Mukund Khatri to get the answers to all of this and more.
What do you think customers will be dealing with this year?
Customers will continue to be plagued by increasing vulnerabilities and security challenges this year. Last year started with Spectre/Meltdown followed by seemingly endless other side-channel issues, sending many companies into a security maelstrom.
Companies are in the midst of digital transformation. For digital transformation, security transformation is essential. There are predictors that indicate ransomware will continue to increase, as well as smarter means of harvesting credentials. Timely infrastructure patch management is a challenge that customers will have to address to decrease their exposure. If consumers don’t have adequate encryption and encryption management, their data is insecure and at high risk for data loss and exfiltration.
These issues will require customers to handle increasing privacy regulations – like the EU’s GDPR, Australia’s new encryption law, and California’s new privacy regulation which goes into effect at the end of this year. Customers will need to determine the best way of balancing risk, while meeting regulations at the same time.
What security innovations do you see coming in 2019?
There will be many. I believe some of the major innovation focus areas will be in supply chain security. Also, I expect we’ll see innovation in encryption and encryption management with data at the edge, not just in the cloud or in the data center. I think there will be enhancements to monitoring and remediation technologies using AI and machine learning (ML) to enhance the security of their systems. Customers will be looking for innovative and easy ways to stay current with patch management tools. These tools will be key to minimizing the impact to their business, resource allocations, and other business disruptions.
I believe we will see innovations leveraging new technologies like AI, blockchain, and multi-factor authentication across various security solution spaces, including supply chain risk management, advanced threat monitoring solutions, and enhanced access and identity management (AIM). Secure enclaves for better protection of secrets is another emerging solution space.
Is it true that businesses only have to worry about security with their software, and all servers have the same security features?
Absolutely not! It might have been that way in the past, but hardware technology continues to evolve. Of course software must continue to be a critical focus for security, but there is a growing recognition that the hardware infrastructure must be protected as well. Think of it this way – would you buy a house at the beach without checking its foundation? That would not be very smart! Your server is the foundation of your data center, and it should have security built in to confidently build upon.
Security must be designed within the architecture of the server to effectively withstand sophisticated cyber-crime: phishing attacks that harvest credentials, advanced persistent threats (taking control of your firmware), data exfiltration (stealing your data). Server and server supply chain security must be looked at and considered as critical criteria in your purchasing decisions. Whether you are the CIO, the IT manager, or the IT admin, you want to know that you have made the right choice and are protecting your data center and your data from the ground up.
How can a business focus on their growth, and not concentrate most of their resources on security within their data center?
In the current environment, and for the foreseeable future, security will continue to remain top of mind for everyone. If you are moving data to the edge, utilizing AI or ML, or a hybrid cloud customer, you will need a trusted partner to manage resources that implement these new technologies.
I wish I could tell you that you didn’t have to do anything regarding your infrastructure security, but that is unrealistic in the world we live in. You will have to focus on security, but sometimes challenges grow at a faster rate than investments grow. To enable a business to focus on their growth, they need to have trusted infrastructure. Infrastructure within businesses will continue to grow, increasing the likelihood of threats, but with a trusted partner you focus more of your resources on growth, rather than managing threats. This is where Dell EMC can help. We want our customers to be able to focus on their growth and innovations, and let us focus on creating, delivering and managing a security enhanced product for their data center.