This article highlights the latest events and trends to demonstrate how emerging threats and technological innovations are changing the security landscape.
Equifax Makes Good on Massive Data Breach
Announced in September of 2017 three months after its discovery, the Equifax breach exposed the records of 150 million people and put enormous amounts of personal data at risk. Now the company is expected to pay as much as $700 million to state and federal regulators in a settlement to be approved by a federal court. The settlement includes between $300 million and $425 million to cover credit monitoring services for affected Americans or to reimburse individuals for any identity monitoring services they may have purchased following the breach. Equifax will also have to pay $275 million in civil penalties, making this the largest data breach settlement in history.
The required changes to security protocols included as part of the settlement highlight the importance of implementing and maintaining strong protections for sensitive customer data. For enterprises, this means combining measures like routine updates, consistent data backups and access control in robust security protocols designed to mitigate risk by minimizing unauthorized access within their networks. Failing to do so can not only result in significant financial consequences but also destroy trust between consumers and companies.
Idaptive Singled Out as an Emerging Security Vendor
In an age where the privacy of personal information is becoming more important but breaches are considered almost inevitable, it’s up to innovative companies to create better security solutions. Enter Idaptive, named one of CRN’s Emerging Vendors for 2019. The company was cited for its “state-of-the-art technology”, which help those providing access control to “meet complex IT market demands” with “next-gen access” tools.
Idaptive takes a zero-trust approach to identity management and access control, combining multiple enterprise security protocols to create a seamless user experience. As an attribute-based system, Idaptive’s technology focuses on details like behaviors, devices, networks, locations and risk levels to support granular access control. Attributes are considered in context to create a more strategic approach to preventing unauthorized access and prevent legitimate users from being locked out of critical applications. Intelligent monitoring allows for quick responses to potential threats while supporting streamlined workflows for all users.
Samsung Consortium Plans Mobile Blockchain ID System
So far, the idea of self-sovereign identity (SSI) has been more of a pipe dream than an executable concept, but a recently formed consortium may be ready to make it a reality. Personal control of data is the major draw of SSI at a time when consumers are increasingly concerned about who has their information and how it’s being used and stored. Large companies like Microsoft have looked into decentralized identity options, but Samsung is the one leading the way in the quest for true SSI.
Along with six other companies, Samsung hopes to create a mobile identity option based on a consortium blockchain. The solution would allow users to store identity information on their smartphones and submit it as needed for verification on their own terms rather than relying on a middleman. Third-party verification of identities will likely be handled by participating banks and telecom companies. Potential security flaws in Samsung’s Knox feature, which would be used to protect identifying information, must be worked out if the company is to become the first to conquer the challenge of SSI.
ARPA Privacy Computing: A Public Blockchain Security Solution?
As blockchain technology continues to be adopted for a wider range of applications, it’s becoming clear it may not be as “unhackable” as was once believed. The potential for hacking could prove to be a serious problem, since information stored in the blockchain is basically immutable. Hackers gaining access to personal data within a blockchain could take control of anything from cryptocurrency to entire identities, leaving users with few options to recover lost or stolen information.
The ARPA network is hoping to change all this. Billed as a “privacy-preserving computation network,” ARPA seeks to use its technology to solve what its co-founder calls the “two biggest problems” with public blockchains: privacy and scalability. The platform uses multi-party computation (MPC) and private smart contracts to protect personal data in the blockchain. ARPA is compatible with existing blockchain frameworks and built to be scalable to meet the needs of organizations dealing with large amounts of data, such as finance companies, healthcare providers and enterprise-level businesses.
Incidents like the Equifax breach and the financial backlash it caused are likely to drive businesses to seek better security measures, which will require a dynamic approach to identity management and access control. In addition, the adoption of new technology drives the need for new and better approaches to security, suggesting experienced IT and cybersecurity professionals will be in increased demand as innovations continue.