What data privacy concerns await enterprises in 2019? What encryption will enterprises need to employ? What threats will they face?
To gain some valuable perspective on these questions, we spoke to Mark B. Cooper, President and Founder of PKI Solutions.
Here’s our conversation, edited slightly for readability:
Solutions Review: So Mark, 2019 is almost here. We originally spoke closer to the beginning of 2018. What have you seen this year that concerns you? Or alternatively, what excites you about cybersecurity in 2018?
Mark B. Cooper: Indeed, it’s been an interesting year. One of the most profound shifts I have seen in security and awareness has been what I call “unconsented disclosure.” For the last several years, we have all been focused on hacks and information theft.
But with events at Cambridge Analytica, Facebook, and others, we seem to be losing more control over security through organizations’ lax data privacy, sharing, and transparency to their users. Most people knew their private information was in the hands of these organizations and that they were being commoditized into a revenue stream. They were also aware of attacks out to steal this information—the iCloud hack is an example. But increasingly, we are finding organizations are doing a poor job protecting their users’ data from inadvertent exposure to their partner channel (exposed APIs, poor authentication, etc.).
As a result, I think we are going to see an opportunity for upstarts to provide competing services but also provide individualized encryption and data protection so there is nothing to disclose—intentionally or otherwise. But of course, there must be a replacement revenue source. Perhaps we will see the Freemium model come to social media platforms.
SR: What do you think will be the biggest technology trends of 2019?
MBC: I think we are set to see an explosion of two-factor authentication technologies. Devices from Tesla (Drive PIN) to banking systems are incorporating two-factor solutions that are streamlined for their users and customers. I am also holding out hope for on-by-default BitLocker encryption in Windows.
In this era when our phones are encrypted by default, I am floored why our primary computer OS doesn’t encrypt disk contents by default. To expect home users to create boot partitions, administer TPM chips and voluntarily enable BitLocker is unrealistic.
Lastly, I believe we will see an ever-growing adoption of non-persistent desktops. Virtual machine-based master images that are created and spun up for a user for a limited period of time. When they leave for the day, the image is deleted and at next login, a new copy of the master image is created for them.
SR: What will be the biggest threats to enterprises in 2019? We’re still dealing with a wave of phishing attacks—do you think this will be alleviated by next year?
MBC: I don’t think phishing attacks are going away. In fact, I suspect they have several more iterations to go through as we adapt and educate users. I suspect we will begin to see these attacks incorporate schemes to get trained users to provide access and money with their two-factor devices.
As these attackers learn how we are training people, they will begin to find their way to take advantage of that. I can see it now: “Steve, it’s imperative you transfer this money to me for this business deal. Remember your training and that you need to use your authentication token to authorize the transfer with the bank. This will help keep this secure like we talked about last year.”
SR: How will the cloud change cybersecurity technology in 2019, and vice versa?
MBC: The cloud is going to continue to incorporate more and more on-premise services and technologies. One area I am expecting to move to the cloud is the outbound and inbound SSL/TLS inspection appliances. Almost every corporate customer I work with has these, and in some cases, has hundreds of them. This could potentially become a scalable service in the cloud. I also expect to see further work done in the “always encrypted” arena. Cloud providers are doing a better job with data encryption at rest. But I expect to see a growing number of services and processing systems that will enable organizations to encrypt data all the way from a disc to a user’s screen.
SR: Any other predictions for 2019?
MBC: I suspect we are going to see landmark case law for information disclosure, storage, and sovereign rights in 2019. It’s been building to a precipice the last few years and frankly, the community needs a strong foundation of trust on how countries, and these cloud providers, will protect our information. 2019 will also be the year we see our first cloud service attacked by ransomware.
Thanks again to Mark B. Cooper for his time and expertise!
Mark B. Cooper, president and founder of PKI Solutions, is known as “The PKI Guy” since his early days at Microsoft. He has deep knowledge and experience in all things Public Key Infrastructure (PKI). PKI Solutions Inc. provides consulting, training and software solutions for Microsoft PKI and related technologies for companies around the world. Prior to founding PKI Solutions, Cooper was a senior engineer at Microsoft, where he was a PKI and identity management subject matter expert who designed, implemented, and supported Active Directory Certificate Services (ADCS) environments for Microsoft’s largest customers.