Utimaco shows three cybersecurity trends for 2023
With its crises, 2022 was a very turbulent year for most companies. Between inflation and the energy crisis, IT security often threatens to be forgotten. That would be a grave mistake; instead, cybersecurity should be proactively addressed this year. Nils Gerhardt, Chief Technology Officer at Utimaco, has identified three topics that will become particularly important in 2023:
1. Securing supply chains – physical and digital
Supply chains are still one of the defining issues for a wide variety of industries and the topic will also accompany us in the new year. For example, the Supply Chain Due Diligence Act came into force on January 1st. To be able to comply with the regulations, visibility and auditability along the entire supply chain will play an important role. At the same time, companies are also concerned about securing their supply chains. In addition to the physical supply chains for products, this also applies to the software supply chain.
In hardware supply chains, for example, it is important to check whether networked components are originals. Large quantities of counterfeit goods are now circulating here, which cannot be easily distinguished from the real thing. Insecure firmware in such components can become a dangerous gateway into networked systems. Therefore, solutions are needed to guarantee the authenticity of such parts. With so-called key injection, it is possible to give parts a cryptographically secured identity that can be easily checked by different authorities.
In the software area, so-called software bills of materials (SBOMs) can be used, which show which (open source) components were used. In addition, the relationships between individual components in the software supply chain are made transparent. This allows the origin of vulnerabilities in the software to be identified more quickly. US authorities have recently been required to request an SBOM and process documentation from their software suppliers to guarantee code integrity. We can assume that such information will also be in greater demand in Europe in the future.
Low-code/no-code platforms are becoming increasingly popular in companies today, as they enable applications to be developed quickly and cheaply without dedicated programming knowledge. However, users usually have no insight into exactly which components are being used and when they were updated. A challenge in the future will be to provide security mechanisms for these platforms. Another aspect of software supply chain security relates to continuous delivery. Here it must be ensured that third parties do not succeed in injecting malicious code into the process and that all open source components used are secure.
2. Confidential Computing
There is no getting around the cloud and more and more critical workloads are being relocated there. However, this also increases the need for security. In addition, companies must ensure that they do not come into conflict with the European GDPR through business relationships with the large American hyperscalers. There are also industry-specific compliance requirements.
Against this background, confidential computing describes an approach to shield data processing in the cloud in such a way that even the provider has no insight. Data remains encrypted for as long as possible and during execution it is in a closed enclave, i.e. a virtual machine or container. This in turn creates the need to manage the identities of users for authorized access. Cryptographic providers can help with this and with key management for data encryption. In the future, more and more companies will rely on encryption in the cloud and thus the demand for cryptography, key management and hardware root of trust will also increase.
3. Crypto Asset Management
Companies today are often not even aware of what type of cryptography they are actually using, which certificates are used and when they expire. There is great uncertainty and the need to better understand one’s own infrastructure and to secure the various communication channels is growing. For this reason, security-conscious companies are increasingly starting crypto assessments. Another step is forward-looking asset management, for example when an algorithm is outdated. In the future, it will be important to find solutions and define processes for continuously modernizing your own cryptographic assets. The aim of this is to achieve so-called crypto-agility, so that algorithms are adapted directly if a certain encryption method is broken – for example by quantum computers.
UTIMACO is a leading global provider of high-security technologies for cybersecurity and compliance solutions and services, headquartered in Aachen, Germany, and Campbell (CA), USA. UTIMACO develops and produces on-premise and cloud-based hardware security modules, solutions for key management, data protection and identity management, as well as data intelligence solutions for regulated critical infrastructures and public warning systems. UTIMACO holds a leading market position in its core areas.
More than 500 employees bear responsibility for customers and citizens worldwide by developing innovative security solutions and services that protect their data, identities and networks. Partners and customers from a wide range of industries value the reliability and long-term investment security of UTIMACO's security solutions. Further information is available at www.utimaco.com.