With 2017 winding down, it’s time to reflect on the past year while looking forward to 2018. We are continuing to see cybersecurity issues dominate the headlines, and expect the trend to continue into the next year and beyond. With that in mind, here are five industry predictions that Utimaco CEO Malte Pollmann sees evolving in 2018:
We’re already seeing the uncertainty of cybersecurity in a post-quantum world percolate in many circles, but this is the year the discussion will gain traction in the top levels of business. We also expect to see the topic of cryptographic agility (or crypto agility) gather more momentum with the heightened urgency to develop standards that drive post quantum cryptography (PQC) and how this impacts business moving forward.
Remember, no algorithm lasts forever. It’s not a matter of “if” it will be broken, it’s a matter of “when. As security experts grapple with preparing for a post-quantum world, top executives and business leaders will begin to genuinely consider what they can do to ensure all our connected “things” (cars, devices, infrastructure, etc.) remain secure. This questioning and testing of their ability to develop and implement an effective crypto agility approach are underpinning the key concerns of companies – irrespective of the industry and infrastructure, whether it’s an enterprise or consumer-related application.
In 2018, we’ll start seeing the discussion shift from questions to solutions. As a result, we expect the first of many customized, market segment (industry, or use case) specific crypto applications will be introduced to bridge the gap and offer the forward-looking ability to adapt to inevitable changing dynamics.
Blockchain has been one of the key buzzwords of 2017, and this trend shows no sign of slowing down in 2018. When looking to implement blockchain in the enterprise, many companies naively believe it is inherently secure thanks to its distributed nature. The reality is that adding transactions to a blockchain can be done without the use of digital signatures – and consequently obscure the true identity of the person adding a transaction – but this causes issues for the enterprise and other highly regulated industries where security around encryption key policy and management is a greater concern.
Interestingly enough, traditional technologies that blockchain was thought to displace, like Hardware Security Modules (HSM), have made a significant comeback and are aptly suited to secure the blockchain in the enterprise. Otherwise, blockchain – or parts of it – may remain secure in terms of recording transactions, but insecure in terms of recording and authenticating who initiated each transaction. To meet compliance and security goals, the signatures must be verifiable through a public key infrastructure (PKI). In 2018, expect to see more attention paid to HSMs in the enterprise driven by the rising interest in blockchain.
Innovation in the payment and banking marketplace has typically involved adapting new technology to meet a shifting consumer demand. While there has been a growing divide inside these businesses, between the innovation hubs driving new technology and the traditional areas of the core business, we will start seeing this divide close as forward-thinking innovation makes a deeper push into the old guard.
As businesses look to streamline processes and incorporate more flexible technology – particularly on the security side – this means moving away from legacy equipment that is stifling modernization and implementing evolving technology that can handle the growing demands of digital payment, alternative payment technology, cryptocurrency, etc. all without adding unnecessary friction while ensuring strict security standards and regulatory compliance.
Next year is a big year for regulations in the European Union, most notably with the EU GDPR hitting full enforcement in May. It also marks the year when all member states of the European Union are required under the eIDAS regulation 910/2014 to recognize the electronic identifications (eIDs) of other member states. But it doesn’t just end at eIDs. Many businesses will be surprised that eIDAS changes in 2018 also entails electronic Trust Services – namely electronic signatures, electronic seals, time stamps, electronic delivery service and website authentication – will be recognized across borders and have the same legal status as traditional paper based processes. As the focus stays on GDPR readiness and compliance, expect more issues not to come from GDPR, but from implementing and recognizing the need for Trust Services.
In 2017, autonomous vehicles were just beyond the peak of the Gartner Hype Cycle, in the phase of “peak of inflated expectations”. The reality is that – on the security front – there is a lot of productive and constructive conversations going on behind the scenes. As industry standardization bodies concern themselves with the security requirements, more completely new, green-field companies are going to emerge with security product offerings that enable autonomous driving, all the while mergers and acquisitions in this market will flourish.
Expect proven technologies from other industries, such as the payment market, to play a role in the installation of the new infrastructure the autonomous vehicle industry requires. In this context, topics like post quantum cyber security play a role in taking a crypto agility approach. As we see advances in both vehicle-to-vehicle communication (V2V) and vehicle-to-infrastructure communication (V2I), the industry will find itself navigating financial regulations, for example, to ensure that connected vehicles can safely and securely execute transactions and simple payment processes when refueling/recharging at the (electrical) station, crossing toll stations or automatically billing parking tickets and purchasing apps or services as needed. Tie in EU GDPR and eIDAS for delivery fleets services crossing borders to complete their business objectives, and it gets even more complex. These upcoming regulations will no doubt lead to even more heavily debated issues around autonomous vehicles.
Utimaco is a leading manufacturer of HSMs that provide the Root of Trust to all industries, from financial services and payment to the automotive industry, cloud services to the public sector. We keep cryptographic keys and digital identities safe to protect critical digital infrastructures and high value data assets. Our products enable innovations and support the creation of new business by helping to secure critical business data and transactions.
Founded in 1983, Utimaco HSMs today are deployed across more than 80 countries in more than 1,000 installations. Utimaco employs a total of 170 people, with sales offices in Germany, the US, the UK and Singapore. For more information, visit https://hsm.utimaco.com/
Director of Global Marketing
Germanusstraße 4, 52080 Aachen
Phone: +49 241 1696-200
OneChocolate for Utimaco
Phone: +1 415 989 9803
We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.