(Forbes) There are companies and supposedly governments that are collecting and storing encrypted data, including passwords, encrypted emails, text messages, PDFs and even voicemails. The expectation is that quantum computing will enable much faster decryption in the near future — mere minutes rather than hundreds of years — suddenly making those assets potentially extremely valuable, especially when collected at an enormous scale. It would be wise for CISOs to consider one day migrating encrypted data and infrastructure to a post-quantum cryptography platform – something that is actively in the works at NIST.
Ever-changing environments present more challenges for rules-based enterprise security strategies when the effects of many cumulative changes combine to defeat even well-intentioned and diligent workers. One way of attempting to make life easier for users is switching away from rules-based systems, which are often based on “something you know,” to focus instead on “something you are,” which brings us to biometrics.
Two-factor authentication offers another layer of security versus a password alone, often relying on “something you have” — perhaps a physical token or the delivery of a unique SMS code via your smartphone.
Perhaps the future of enterprise security is based on zero trust — a model that takes none of the three As (authentication, authorization, accounting) for granted and restricts access accordingly. In this school of thought, access to a resource is granted strictly on an “as needed” basis — there is no such thing as presumption of access.