One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1716046 |
| Date de publication | 2020-05-18 12:00:00 (vue: 2020-05-18 13:00:54) |
| Titre | Disruption on the horizon |
| Texte | Innovations in technology have been a prime agent for disruption throughout much of human history. Advancements in materials science gave English archers, with their superior longbows, the advantage over the French in many conflicts during the Hundred Years War; such as the Battle of Agincourt. In the late 2000’s, the music industry was forced to reinvent itself in the face of changing consumer consumption models as a result of technological advancements or become irrelevant. As cyber security professionals we are often caught in the wake of disruptive changes as a result of technology adoption (i.e. Cloud), changes in operational paradigms (i.e. DevOps), or regulatory/compliance developments (i.e. GDPR, CCPA, etc.). Recognizing this, how can we proactively identify such changes before they start to impact our operations? While practically any technology or process can potentially upend your security paradigm, currently cited examples of disruptive technologies typically include some, or all, of the following: Edge computing Disappearing perimeter Distributed Ledger solutions Machine Learning / AI Quantum Computing Infrastructure as Code / Software Defined Everything 5G Cloud / Microservices / Serverless Functions IoT Digital Transformation In reviewing these technologies, we can see common themes begin to emerge. Regardless of the benefits or new business opportunities they may bring to the organization, these solutions, either individually or in combination, are also likely to: Increase the attack surface of the organization Create a skills gap in current IT and security staff Become a double-edge sword by increasing the effectiveness of threat actors as well as organizational security staff Bypass or undermine the effectiveness of existing physical or logical controls Enable data proliferation prior to the availability of platform specific, proven security controls or architectures Expose gaps in security policies or business continuity plans which do not have a precedent established For example, Quantum Computing will dramatically improve the efficiency of computation for certain kinds of workloads. This leap forward in computing capabilities could lead to new discoveries in a number of fields. However, Quantum Computing will also undermine the effectiveness of many of the current encryption solutions that have provided security for our communications and data transactions to date (https://www.businessinsider.com/7-emerging-technologies-that-cybersecurity-experts-are-worried-about-2019-10#quantum-computing-could-easily-crack-encryption-2). State sponsored threat actors will have access to such platforms very early on (and likely already do). However, since broader access to such computing platforms will likely be made available in the cloud, other threat actor groups will be able to utilize these platforms sooner than you might think. Given an organization’s compliance concerns, the risk posed to legacy encryption solutions for data at rest and in transit will likely require updates to security policies and requirements for how data is encrypted and potentially where encrypted data resides. Even at a high level, this thought exercise illustrates how innovations can impact the technical and operational environments, but in this, not all businesses are created equal. The degree of disruption caused by a technology innovation, or combination of innovations, is both industry dependent and business specific. Revisiting the music industry example, the rise of compressed digital music formats when c |
| Envoyé | Oui |
| Condensat | + 0 even 0 10#quantum 2000’s 2019 ability able about abundant access accomplish acquisitions across actor actors acutely adopters adoption advancements advantage after agent agincourt all already also always analyticsinsight any application archers architectures are areas argue asp aspirational attack attend availability available basis battle become been before begin below benefits bizcatalyst360 blue boarding both bring broader build business businesses businessinsider but bypass can capabilities case cases catch caught caused ccpa certain challenge change changes changing channel cited closely cloud code com/7 com/disruptive com/edge/theedge/5 com/terms/d/disruptive combination combinations combined commentary common communications companies comparatively compliance complicated compressed computation computing concepts concerns conflicts considerations consistent constraints; construction consumer consumers consumption continuity controls could counterparts crack create created cross current currently cyber cybersecurity cybersecurity/ cybersecurity/b/d darkreading data date decrease defensive defined degree delivered dependent devastating developments devices devops different digital directional disappearing discoveries disruption disruptive distributed distribution diverse done double downloads dramatically during each early easily edge effectively effectiveness efficiency either embrace emerge emerging enable encrypted encryption english entire entirely environments equal escaped established etc even everything example examples exercise existing experts expose face felt fields following: forced formats forward french from front function functions further future gamification; gap gaps gauge gauging gave gdpr get given group groups had have help high highly history hold horizon how however https://www human hundred id/1335949 ideas identification identified identify illustrates impact impacts importantly improve include increase increasing individual individually industries industry infrastructure inherent innovation innovations innovative insight intellectual internet investment investopedia invite invitees iot irrelevant itself kinds landscape/ large late lead leaders leap learning ledger legacy legal let level likely limitations little logical longbows machine made many materials maturity may microservices might mobile model models more most much multi music must nature near net/how neutral new not number offensive offer often once one ongoing operational operations opportunities opportunity organization organization’s organizational organizations other out outpace over paradigm paradigms people perhaps perimeter physical plans platform platforms play playing policies policy posed potential potentially practically pre precedent prime prior privacy prize proactively process procurement professionals proliferation property protect proven provide provided quantum quarter quickly recognizing record references: regardless regulated regulatory/compliance reinvent require requirements research resides rest result resulting review reviewing revisiting rise risk science security see serverless services sessions set should shown signposts simple since skills sky software solutions some sooner specific speed sponsored staff start state stay step streaming strong such summing superior surface sword take teams technical technological technologies technology technology: term than themes these think this: thought threat throughout time to: tools top transactions transformation transforming transit translate trends typically ubiquitous undermine undermined unique updates upend use utilize version very views wake war; watch way well when where which white will without work working workloads worried years your |
| Tags | Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.