eweekchat

Trends in New-Gen IT Security
JOIN US: This is a chat-based conversation about what you think we can expect to see--or won't see--in data security this year. We'll have expert commentators!
   5 years ago
#eweekchatPredictions/Wild Guesses 2020JOIN US: This is a chat-based conversation about what you think we can expect to see--or maybe shouldn't see--in IT next year.
   5 years ago
#eweekchatTrends in Data OrchestrationJOIN US: This is a chat-based conversation about what we're seeing in the organization of all that data we're collecting. Data orchestration--using Kubernetes or other platforms--is a key topic right about now. We'll have expert guest hosts!
Maor
A2: Almost all attacks on enterprises came from email in the last decade. I don't see it changing much in 2020, I believe it will still be a big issue.
In addition, API security becomes more and more important since they are exposed to the whole world and susceptible to attacks
Vittorio Viarengo
yes, plus the new vast surface of cloud properties, SaaS/IaaS and PaaS
Stephen Manley
Could you elaborate on this one? In particular, I find SaaS/IaaS tend to improve security because:
Maor
Agree. Attack surface should be reduced
Stephen Manley
A2: 1) The company is actually paying attention when they adopt new tech (old security fell lax) . 2) The providers have a lot more concentrated focus and expertise on security.
Nigel Hawthorn
While the core of a cloud service may be secure, it can still be used in an insecure way. I have met people who are underestimating the cloud problem because they are just looking at the low level security features delivered by the vendor themselves
Nigel Hawthorn
if users can share a folder when they mean to share a file, open up the settings to other people without realising it, then the risk is large
Stephen Manley
A4: That leads to a question I've had... how do we as an industry help regulators and government officials pass laws/regs that make sense?
Chris Preimesberger
Especially difficult in this biforcated political world we inhibit.
Chris Preimesberger
OOps.. bifurcate. I'm a EDITOR!
Nigel Hawthorn
If laws are based on the basics they can continue to be useful in the future, don't base laws on the technology per se. Such as in GDPR YOU own YOUR data, everything else follows.
Vittorio Viarengo
he he. I am glad I am not the only one mistyping :)
Jason Garbis
@makitadreme very good question. Especially in our fast-moving world.
Chris Preimesberger
We think faster than we can type well, it seems!
Val Bercovici - 2020 Hindsight
3a: That means mitigating '3D vulnerabilities' by mathematically 'Provable Computing' in our words - where all infra, code, models and especially all data/log pipelines are verified off a decentralized integrity base BEFORE consumption.

#ZTX https://www.crowdchat.net/s/55x2q
https://www.crowdchat.net/s/55x2q

Stephen Manley
I like that idea. (And the chart)
Jason Garbis
interesting. I view that as very useful metadata (service attributed) to be included in a policy model

(edited)

Vittorio Viarengo
you had me at "mathematically 'Provable Computing'"
Jason Garbis
that is, a #zeroTrust policy model should include that as a requirement before a workload can be eligible for access across a network
Val Bercovici - 2020 Hindsight
Yes, we need broadest possible #ZeroTrust deployment on info access - but why not for all back-end resources providing the info being accessed as well?
eg. No new code deployed before decentralized verification
Chris Preimesberger
This has been a wonderful discussion. Outstanding interaction and engagement. Don't know about anybody else, but I certainly learned some new ideas here today. Some good seed for articles on @eweeknews.
Maor
Thanks you very much Chris, it was great!
Vittorio Viarengo
@editingwhizThank you for having me. I en joyed the stimulating conversation. Let's go make the world more secure now
Stephen Manley
Thanks for the chance to Tweet for @DruvaInc with the great panel. Special shout out to @valb00 as always!

(edited)

Vittorio Viarengo
A5: Passwords will be obsolete.... no wait, that's a wish...
Stephen Manley
Ha! I love this!
Val Bercovici - 2020 Hindsight
seamless identity #AuthN & #AuthZ throughout all digital services
Vittorio Viarengo
well, face recognition is out the window with deep fake, so scratch that...
Val Bercovici - 2020 Hindsight
yeah, turns out trusted biometrics at scale is yet another hard problem ;)
Vittorio Viarengo
A5: shift left in development security
Vittorio Viarengo
That is looking at security vulnerabilities in application code and configuration before it ever goes into production
Maor
This is done for a long time for the GAMFA companies. It's still too expensive for smaller entities
Vittorio Viarengo
I think that shift left is still new to many late majority type of companies
Chris Preimesberger
Q4: What do Facebook, YouTube, Google and other public networks need to do to continue to make improvements in their data privacy and protection processes in 2020?
Nigel Hawthorn
A4: some of the "improvements" have been forced upon them by regulators and lawsuits, I think regulators need to keep pushing organisations hard that collect and use our data

(edited)

Val Bercovici - 2020 Hindsight
I've become a massive skeptic about progress in this area. Nevertheless, priority needs to be tough legislation with more teeth (enforcement) than GDPR so far. Also lots of thought needs to be given to unintended consequences of any legislation.
Val Bercovici - 2020 Hindsight
i.e. having more corp lawyers on staff shouldn't be the easy button for large biz to bypass legislation - and smallbiz should not be penalized via overbearing legislation. Balance here is elusive - but essential. We need more policy students to graduate!
Eric Kavanagh on #DMRadio
Would love to see much more in-depth collaboration between these companies to identify threats, share intelligence and seriously cooperate. Would love more of this in #FinTech and #GovTech and elsewhere! #eWeekChat
Vittorio Viarengo
A2: Broader Deepfakes Capabilities for Less-skilled Threat Actors
Jason Garbis
agree that this will be a huge problem that we need to solve - the detection & flagging of these
Jason Garbis
I fear that people will die because of this - too easy to use this to instigate protests, riots, even wars
Chris Preimesberger
I'm in this camp. Deepfakes REALLY worry me because the general population is so image-oriented.
Stephen Manley
Another strong agreement from me.
Stephen Manley
A5: In 2018, we saw Ransomware as a Service (no joke). In 2020, you'll see vendors offer integrated Ransomware Protection as a Service - recovery as well as improved detection.
Val Bercovici - 2020 Hindsight
you know this is harder than it sounds - but absolutely necessary. Big issue is separate domains of data control to prevent adversarial encryption / deletion of DR copies, backups, archives, etc...
Stephen Manley
This is where I think cloud and SaaS can make a big difference. #biased
Jason Garbis
A4 - in some jurisdictions there is definitely risk of legislation being imposed upon them, or even anti-trust threats. Which is kind of crazy, to think that it could come to that.
Nigel Hawthorn
From the European side of the Atlantic, it doesn't seem cray at all that regulators care, I support their efforts to rein in misuse of data in all forms
Stephen Manley
@wheresnigel Why do you think the European side of the world cares more about privacy than, say, the US? Because I think it does - curious as to the underlying causes...
Jason Garbis
I think the regulations are needed and that their use/abuse of data is out of control. My "crazy" comment was more about the power these firms have, that that's even a consideration in response.
Nigel Hawthorn
Aha, I'm with you