The digital revolution holds the promise of great change for good. As our population grows, a connected digital society could bring further equality and has the scope to improve people’s lives. However, this must be underpinned by digital security, a concept that encompasses privacy, ethics, cybersecurity and public safety.
The only constant in digital is change. Within a few decades, digital will be everywhere, including in our physical lives and even, perhaps, augmenting our bodies.
Over the next years we will see networks changing with the advancement of 5G and possible introduction of 6G, the further convergence of physical and digital worlds and the management of data moving from the center to the edge, in swarms or within devices and things. However, these advancements will fail unless they can be secured.
Digital cannot function without security. The risks are too great, and advancements will slow down or cease.
The need for ambidextrous cybersecurity innovation
The ever-growing and complex surface perimeter of organizations requires a new holistic approach to security. Simply put, if security is not embedded, it will fail. Building a fortress to protect doesn’t work in these distributed settings where data is pervasive, and the new single point of failures are the APIs. Therefore, the new security perimeter must be built on identity – controlling the digital identities and permissions of all the people, applications, and machines in your environment.
All those fundamental changes will require an ambidextrous cybersecurity innovation process, focusing both on incremental and disruptive innovations. We, at Atos, work on incremental innovations improving existing cybersecurity technologies to bring visibility, simplicity, agility, and efficiency to our security operations. While in parallel we create disruptive cybersecurity innovations that will transform how we consume and provide security.
It means investing in AI for digital security not only for advanced detection and response but also shifting left to the protection controls addressing compliance and gaps before the cybercriminals discover them, and leveraging AI in public safety solutions to enhance and empower first-responders. As another example, Atos Cryptography R&D is focused on privacy-preserving cryptography such as homomorphic encryption to maintain data encrypted throughout its lifecycle, or even preparing for post-quantum cryptography.
Regulation, legislation, and control
A key element in the future of digital security is around regulation and legislation. Standards and frameworks are being developed for emerging technologies and networks such as AI, 5G, edge, IoT and OT.
Hard lessons have had to be learnt from past mistakes in (not) securing IoT and cloud environments. Now and in the future, there will be greater emphasis on private and public sector working together to share knowledge and develop frameworks and regulations that maintain a safe and secure digital space. Atos already works with industry players and with the European Union in this space through initiatives such as the Charter of Trust and the European Cyber Security Organization (ECSO). This will expand to become more global in remit and to cover issues such as ethics and trust in emerging technologies.
The role of privacy and ethics
In the future, digital security will expand to encompass the prevention of harm. It will be vital in maintaining the integrity of data and transparency of algorithms in artificial intelligence and machine learning.
You cannot decouple the issues of security with privacy and ethics. They are interdependent and will become the foundation from which we build our digital revolution moving forwards. Auditable and transparent data management will enable the future digital world, as long as its integrity is guaranteed by security.
The solutions are not straight-forward in the OT environment – technology systems such as patch management, antivirus and updating operating systems are all irrelevant so bespoke solutions are often necessary. That is why Atos has invested in specialized tools and products for securing complex environments and ongoing threat detection and management to be able to address such specific challenges. However, nothing can be done without the proper risk management strategy at its core. It is therefore crucial for organizations to put a strategy in place. This should cover all relevant areas such as policies, procedures, and processes, including any incident response plans that need to be in place and training people in the management and detection of risks. The work is in progress, but it needs to go faster.