Ready for change: Four security trends that companies need to prepare for in 2021, such as quantum computing, IIoT or cryptographic security solutions.
2020 is marked by a global pandemic, but cyber security experts are concerned. Rather, companies have continued to expand their security controls. Gartner predicts that global cybersecurity spending will increase to $2020 billion by the end of 123,8. For 2021 and beyond, Admir Abdurahmanovic, VP Strategy & Partners and co-founder of PrimeKey, identifies four trends that will concern the security industry, the economy and society as a whole. These include developments that could develop into a cyber pandemic of unprecedented proportions.
Trend 1: breakthroughs in quantum computing
To date, large-scale security incidents have focused on widespread but single applications, operating systems, or on a family of microprocessors. Security problems that affect almost all areas at the same time, like a cyber pandemic, have not yet existed. Security experts have so far ridiculed the idea of a "super code" that could break all encryption and security controls at once. However, this could change in the future thanks to quantum computers.
At a fundamental level, encryption relies on mathematical formulas that, given the right key, solve complex calculations and help encrypt and decrypt data. With the established encryption standards, a brute force attack would take hundreds of years, even with the computing power of all computers in the world. However, quantum computers solve certain mathematical functions within a few seconds, which is why many of the current encryption systems could be broken in the next five to ten years. As a result, a large number of complex work processes would suddenly become unsafe.
Numerous security researchers and hacker groups are therefore working worldwide to break encryption processes using quantum computers or to develop "quantum-safe" encryption methods. In the next few years, one or both sides will bring a breakthrough technology to market. To prepare for this case, PrimeKey is already developing every part of the cryptographic supply chain itself, starting with the basic cryptographic libraries.
Trend 2: Stricter regulations for the IIoT
With quantum computing as a global threat, there will be a growing realization that both the technology industry and vertical markets need to do more to strengthen cybersecurity. Many experts are already demanding this. However, without government regulations to ensure implementation of best practices, the incentive for change remains limited. Therefore, national and international regulations related to cyber security will increase in the coming years. We already see some examples of this in the area of critical infrastructures (KRITIS), such as the strict requirements of the NIS directive (network and information security) of the European Union or the IT security law of the Federal Office for Information Security (BSI) in Germany .
A large part of the industrial plants has grown over many decades. As a result, there is little incentive to add new security controls to manufacturing. However, the regulation of Industrial IoT (IIoT) will see a big boost from 2021 with the introduction of autonomous and smart vehicles. It would be bad enough if a cyber attacker took over a manufacturer's production line. Governments must respond to the idea that a hacker can control a multi-tonne autonomous delivery truck. Therefore, IoT security regulations for the automotive industry can become the catalyst that changes the entire IIoT landscape.
Trend 3: Cryptographic security solutions
Quantum computing and nation-state regulation have one thing in common: both intersect with technological shifts that are forcing the cybersecurity industry to respond to a new or evolving threat. While IT is generally a software-centric and agile industry, it's still surprising how much of the foundational technology is becoming entrenched in devices and systems. While much has been said about the power, intelligence, and analytical capabilities of cybersecurity, there has been a lack of focus on its flexibility.
For example, if a cryptographic algorithm like SHA-1 is deprecated, then the transition to a new standard should be easy and without interoperability issues. A problem with this is that many systems are not designed with the idea that their fundamental security elements will eventually need to be quickly replaced. That is why PrimeKey engineers are working on solutions in which the underlying algorithms can be changed slightly and the trust hierarchies can be restored quickly. Crypto agility is on the way to the forefront of design philosophy for many vendors and their customers.
Trend 4: Cybersecurity ubiquitous
Flexibility around security is driving a broader technological shift that includes more security offerings from the cloud. Many companies are already realizing that they don't have the time or resources to build their own security infrastructure. This applies all the more in times when the performance requirements can fluctuate greatly. On average, they gain a security advantage over many traditional IT approaches when using private or public cloud offerings.
However, some industries have concerns. For example, manufacturers need to keep their production operations running even if a factory temporarily loses connectivity to the cloud provider. Because security controls are critical in an environment of connected processes, the failure of a single security control, available only through the cloud, can slow down operations across an organization. Therefore, companies will pay more attention to ensuring security everywhere.
In the last year alone, more and more PrimeKey customers have developed large-scale projects that simultaneously include several possible uses in order to meet the required scale and stability. The conversations about where a particular service is hosted to comply with EU, US and individual country laws are now affecting all areas of work. The discussion about GAIA-X as a European data infrastructure can further strengthen this trend.
Ready for change
There are other trends that we will be feeling for a long time, such as blockchain, geopolitics and the impact of COVID-19, which may overlap with the issues of quantum computing and tightening IoT regulation. However, if organizations are looking for critical advice, then they should ensure their entire organization remains agile and flexible with their IT decisions. If the global pandemic has taught us anything, it's that uncertainty is the only certainty. The ability to quickly adapt to challenges must be part of any plan.
Learn more at PrimeKey.com
About PrimeKey
PrimeKey is one of the world's leading providers of PKI solutions and develops innovative solutions such as EJBCA® Enterprise, SignServer Enterprise, PKI Appliance, PrimeKey SEE and Identity Authority Manager. As a pioneer in the field of open source security software, PrimeKey supports companies and organizations worldwide in implementing security solutions such as eID infrastructures, ePassport solutions, authentication, digital signatures, unified digital identities and validation. The solutions are certified according to Common Criteria and FIPS. Several solutions are Webtrust/ETSI and eIDAS compliant and internal processes have ISO 9001, 14001 and 27001 certifications.