Authentication among top cybersecurity trends for 2016.

• Author: Becker, Bill
• Position: INDUSTRY PERSPECTIVE

* Cybersecurity will underscore most of the federal government's military and civilian initiatives in 2016. That's understandable considering data breaches are rampant and the government maintains essentially the world's largest collection of IT networks. There's a real need to ensure data security in various applications, both within and across agencies.

Many security professionals are predicting that the top cybersecurity trends for 2016 will focus on data breach prevention--that is, thwarting the hacks from the get-go. While this is a valid outlook, as breach prevention is absolutely a critical competent of a robust cybersecurity strategy, it is not the be-all and end-all.

There are three trends that are likely to be the hottest topics among federal security professionals this year: authentication, "roots of trust" and simplified security management through shared services.

Thanks to growing insider threats, the password is no longer strong enough to protect systems. Data identity and authentication technologies will evolve and flourish in 2016.

In our app- and cloud-centric culture, almost every user has privileged rights previously reserved for administrative users. Trends like the Internet of Things, Bring Your Own Device, and federal mandates such as the Office of Management and Budget's 30-day Cybersecurity Sprint and the Cybersecurity Strategy and Implementation Plan (CSIP) have put greater emphasis on identity and authentication technologies. In fact, the CSIP calls for derived credentials solutions and other strong authentication solutions for mobile devices as a critical component of a broader effort to improve mobile device management.

It's true that mature applications and workflows still require the use of public key infrastructure (PKI) credentials. Smartcards are a robust form of authentication for traditional endpoints. Enterprise computing has matured so that smartcard-based encryption and authentication are routinely used from end users' laptop and desktop computers for applications such as secure email, virtual private network access, PKI-enabled web servers and network smartcard logon.

Unfortunately, PKI credentials on smartcards do not translate efficiently to mobile devices. Today's endpoint landscape has shifted to a variety of devices: laptops, desktops, thin clients, smartphones, tablets and more. Users now expect access to information anytime, anywhere while still protecting their data with PKI-based security...