The Duality That Is Our Reality: RSA Predictions 2023


As we head into RSA Conference 2023, it’s important to understand the current duality we live in: the consumerization of the enterprise. This is an era of economic uncertainty and innovation. In this article, Shashi Kiran, chief marketing officer at Fortanix, dives into why there will be a focus on securing data at its core, through state-of-the-art cryptographic technologies as well as platforms that simplify management of the entire lifecycle (key management, certs, secrets management, etc.) at scale and across clouds, including by leveraging aspects of confidential computing.

On the one hand, we’ve seen a rise in data breaches and ransomware headlines, including from security companies themselves. On the other hand, we’ve also seen the power of ChatGPT and other such platforms capture headlines for their powerful AI. Couple these with emerging areas such as post-quantum cryptography (PQC), and the future looks both interesting and frightening.

The boundaries between consumer trends and the enterprise are continuing to blur and they’re also rapidly creating new attack vectors in the business landscape, particularly in an uncertain economic environment. 

While mobile phones and tablets started to dissolve these boundaries as they came into the workforce, things have been taken up a notch with consumer applications entering the enterprise. Social media applications were the beginning, and TikTok opened new doors. At the same time, advancements in AI, machine learning, and other technologies have broken new barriers. What began as a novelty with ChatGPT has opened the doors to a myriad of possibilities that are in equal parts fascinating and frightening, and certainly something that security and business leaders need to keep top of mind.

I expect this dual paradox to affect the security space as well, in the near future and beyond.

The Yin and Yang of Innovation

Technological innovation on its own can be exciting and inspiring, but AI can accelerate both the good and the bad.

First, the bad: on the one hand, we’ve seen a significant increase in data breaches and ransomware headlines, including from security companies themselves. According to the World Economic Forum, there were 1,774 organizational data compromises in 2022, impacting more than 392 million individuals globally. And the cost of those breaches increases by an average of 20% each year, which equates to roughly 4-6% of the global gross domestic product.

On the other, we’ve also seen the power of ChatGPT, its successor GPT-4, and other such platforms capture headlines for their powerful AI. The prospect of these continually evolving AI-powered platforms is exciting because they could be used to amplify the good at scale and exponentially unlock the power of human innovation. It’s important to remain cautiously optimistic, however; as is the case with just about any new technology, there are (and will continue to be) those who choose to use it for malicious purposes and illegal activity.

The Implications for Cybersecurity

As previously mentioned, even security companies are not immune. We’ve seen a number of traditional security vendors affected by breaches and ransomware. Architectures built around protecting infrastructure need to be re-thought around protecting data, applications and information.

Couple these trends with other emerging areas, such as post-quantum cryptography (PQC), and the future looks as if it is both arming the attacker and giving tools to the defender. Through it all, protecting intellectual property, personally identifiable information and sensitive data needs to be paramount, not just for maintaining regulatory compliance but for preserving the viability of an organization’s existence. I anticipate greater interest, therefore, in securing data at its core through state-of-the-art cryptographic technologies and via platforms that simplify the management of the entire lifecycle (key management, certs, secrets management and so on) at scale and across clouds, building on the power of Confidential Computing.

The clear trend here is a movement toward a no-compromise, data-centric approach that’s increasingly vital as organizations continue to transition their data and systems to the cloud. This approach decouples data security from infrastructure, ensuring that sensitive information remains secure even if an overarching network or ecosystem has been compromised.


Encryption, Regulations and the Promise of Success

Migrating to the cloud certainly has its benefits, but it could come with a host of challenges, including (but not limited to) a lack of data visibility, the storage, transmission and processing of private data, enterprise-class encryption and key management, and subpar access controls that put sensitive data at risk. While there are solutions for all of these, they need to be simple and easy to adopt and take a platform approach. Reducing complexity and sprawl is a vital aspect of enforcing security.

As SaaS becomes a key driver and multi-cloud becomes the norm, being able to confidently secure data, wherever it is, is an undertaking that regulated organizations should certainly invest their energy in. We are seeing large-scale interest in this approach from some of the largest Fortune 500 companies and government agencies, and we believe it is only the tip of the iceberg.  

AI is here to stay. So are regulatory requirements. Sensitive data needs to be always protected. Let’s collectively roll up our sleeves and just do it.
