July 2019

data and flag/respond to unauthorized access. Homomorphic encryption is one technique used for data privacy for outsourced Big Data. Searchable symmetric encryption is also used to run queries on encrypted Big Data.

Customer Identity and Access Management

As organizations grow and evolve to an environment of zero trust and shadow IT, they are usually saddled with a collection of on-premise and cloud applications with multiple insecure identities across a number of systems, applications and services, which attackers can exploit. Identity and Access Management provides a way to consolidate these disparate identities (on-premise and cloud). This is evolving to a model where location-independent access to any managed resource is controlled by user and device credentials, which ensure (adaptive multi-factor) authentication, fine-grained authorization and access control and, if required, encryption.

The known identity can interface with other applications through APIs to enable access to enterprise-wide services, including B2B, across organizations.

Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC)

The early form of access control included access control lists (ACL) that enabled an identified user to access the data. This evolved into an enhanced protection mechanism through the definition of roles (flat/hierarchical/constrained) to create a model of access control called RBAC. It works well for small to medium organizations with fewer people. It cannot scale in large enterprises to protect the exploding volume of APIs, microservices, and data.

The scalability problems of RBAC resulted in a new dynamic form of access control called ABAC. Access to a resource is based on adding/removing user-defined attributes (location, time, actions, etc.), making it flexible and fine-grained. Attributes based on future actions can also be created, which enable a dynamic form of access control.
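
The difference between a role-only decision and one that also weighs attributes, as an added example that is not part of the original article. The roles, the resource name payroll-api, and the location, time and device rules are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy: role -> actions permitted on "payroll-api".
ROLE_PERMISSIONS = {
    "hr_manager": {"read", "update"},
    "auditor": {"read"},
}


@dataclass(frozen=True)
class Request:
    role: str
    action: str
    location: str         # country code reported by the identity provider
    at: time              # local time of the request
    device_managed: bool  # True if the device is enrolled and managed


def rbac_allows(req: Request) -> bool:
    """Role-only decision: the role either carries the action or it does not."""
    return req.action in ROLE_PERMISSIONS.get(req.role, set())


# Constructed attribute rules as (name, predicate) pairs; all must hold.
ATTRIBUTE_RULES = [
    ("location", lambda r: r.location in {"US", "CA"}),
    ("business_hours", lambda r: time(8, 0) <= r.at <= time(18, 0)),
    ("managed_device_for_writes",
     lambda r: r.action == "read" or r.device_managed),
]


def abac_failures(req: Request) -> list[str]:
    """Return the names of the attribute rules the request violates."""
    return [name for name, rule in ATTRIBUTE_RULES if not rule(req)]


def decide(req: Request) -> tuple[bool, list[str]]:
    """Role check first, then attribute filtering; deny by default."""
    if not rbac_allows(req):
        return False, ["role"]
    failed = abac_failures(req)
    return (not failed), failed
```

The same hr_manager update request passes the role check at any hour from any device, but the attribute rules deny it outside business hours or from an unmanaged device, and the returned rule names give an audit trail for the denial.
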
Most companies start with RBAC and incorporate ABAC when they grow, to do fine-grained filtering. This method is called RBAC-A. NIST is also implementing Next-generation Access Control technology.

AI, ML and IoT in Enterprise Security

The advent of AI and ML enabled security systems to be configured to identify threats, malware, viruses, anomalies and potential remedies on large volumes of data without human intervention. Traditionally, AI and ML are probabilistic, with the accuracy dependent on the quality of data. While CISOs like AI and ML to provide them with additional information, they would prefer to take the remedial actions themselves, rather than automating them. Automation is usually left to cookie-cutter, time-intensive and IT tasks. AI and ML can also be used by hackers to refine their attacks. This technology and its use in cybersecurity are continuously evolving; the current technologies are not future proof.

The recent proliferation of IoT has enabled better analytics. IoT devices are usually low-powered, without any infrastructure to provide effective endpoint protection and, hence, are vulnerable to attacks. Further, a plethora of IoT devices from different vendors/technologies/authentication modes has made management hard.

In a corporate environment, the whitelisted IoT devices are usually kept in a separate network, behind a firewall and NAT to ensure that they are not reached directly from outside, with Intrusion Detection services to detect any suspicious data. The traffic flows are baselined for normal behavior, and ML tools are used to determine an anomaly from the baselined IoT traffic to identify attacks/remedial actions.

Conclusion

As technology evolved in organizations (with new devices, changing traffic patterns, location-independent access), so did the needs of enterprise security. The concept of zero trust and the continual morphing of enterprise networks ensure that the current security technologies are not future proof.
They will need to continually evolve to provide proper visibility, in order to capture zero-day attacks. AI and ML are used by both enterprises and hackers and, hence, care needs to be taken in their use. Secured application data are now the center of the universe, for users, networks and devices. New classes of endpoint security focus on a sophisticated whitelisting of data and applications, which link to the overall enterprise security solution. Cyber insurance is also an industry that has thrived due to the increased attacks and their cost. The overall enterprise security infrastructure is also designed keeping this in mind.

Anand K Antur