Data security in a borderless digital world
In our Atos’ Scientific Community latest paper ‘Journey 2022’ we address a challenging digital dilemma: how to share data without compromising security or intellectual property. This dilemma is already a major concern today, however its scope and impact will massively increase in the coming years with data growing at a rapid pace. Data scientists recently claimed that the volume of data in the world would double every two years, but the Internet of Things (IoT) has dramatically changed such prediction.
If the volume of data will be a concern, WHERE such data resides and HOW it is processed and transmitted will also be key. Today we already live in an environment where the boundaries are blurring and where a bunch of data -corporate data- can sit outside our HQ walls in an hostile environment. IoT adoption will totally push away any kind of barriers in the coming years and make such situation worse.
In such a doom scenario, two major pillars will drive security for IoT: identity-based protection AND data protection wherever it goes (resting, processing or transmitting). This applies to any kind of entity dealing with data (whether it is in the cloud, in your laptop, your mobile, your company car or in the company bracelet granting you access to your company assets).
We do believe we can consolidate those two security pillars into a concept we call “Data-ridden security” (DRS). DRS is a new paradigm which assumes that every component handling data (storage, network, API, …) has enough strong security controls to protect any kind of data it processes. It is the data itself which instructs the component how to deal with it, according to its nature and context.
Nevertheless, some other security strategies will still play a relevant role:
- Device hardening for consistent built in security controls on edge devices. Considering those will be totally heterogeneous, it must be a strong compliance enforcement, probably from standardization bodies and industries as well, to ensure every device reaching the market is secure enough;
- IoT VMS (Vulnerability Management Services), asset discovery & patch management for automatic device discovery, vulnerabilities identification and patch management;
- Edge security analytics to enable intelligence capabilities like machine learning, artiﬁcial intelligence and big data techniques on IoT ecosystems for advanced IoT behavior and threat detection.
There is still a need for new data-centric security paradigms like DRS, as data will consolidate as the most valuable asset in the business.