The Password is Dead and Other 2016 Security Predictions


You could say 2015 was a house of horrors when it came to security breaches -- from high-profile corporate hacks and the stolen identities of 4 million federal employees to a database breach exposing the names, genders, and birthdays of more than 200,000 kids.

As we look ahead to 2016, we must ask, will enterprise companies be able to get ahead of new challenges to keep your data and identities safe? Or will hackers and rogue employees find workarounds and evolve too quickly before any security measures can be implemented?  

One thing’s for sure: security technologies will need to better understand and pre-empt any threats over the long term, but also focus on providing a nimble and responsive approach in the short term.

Here’s what we expect to see unfolding in 2016:

  1. Identity management technology will overshadow firewalls.

With so many external security intrusions being enabled by weak internal security protocols, end users will shift their budget and focus from external-driven firewall technology to internal-driven identity management technology. Securing the identities and access of an organization's users will emerge as a strategy to mitigate potential external threats.


  2. "No password" authentication will turn into a reality.

Organizations will begin offering authentication methods that give users a quicker and more seamless experience than passwords. Biometrics, geolocation, Bluetooth proximity and pictographs are a few of the potential methods that will see increased usage in 2016. Such methods will enable secure access to company systems, files and apps without the disruption to the user experience that typically results in security workarounds.

  3. Push verification to mobile devices will replace token-based authentication.

Tokens are one of the best ways to handle authentication for multiple users. Applications like Facebook, Twitter, Google+ or any major API or web application use tokens. But instead of requiring employees to carry yet another device, such as an RSA SecurID key fob, push verification to employees’ mobile devices will replace the need for users to enter a security code. Users would only need to download a mobile app for free on personal or corporate-owned devices.


  4. Wide adoption of multi-factor authentication through end-user mobile devices.

Popular sites such as now offer two-step verification for their users to prevent unwanted users from gaining access to their accounts. More organizations will recognize that in order to secure critical data, they will need more than just a login and a password. And they can securely enable their mobile workforce with multi-factor authentication methods using a smartphone.

We foresee 2016 as the Year of You. Login verification will use different factors -- knowledge (what you know), possession (what you own), and inherence (what you are) -- based on your identity. Enterprises will also begin to realize that security policies should adapt to your behaviors and personal experiences, and not the other way around. Not only will this keep a growing mobile workforce ticking along, but also lower the chances of them creating security workarounds just to maintain productivity.

So far, our second prediction has already caught the attention of a couple of leading security publications. Check 'em out:


