Spending on cybersecurity is expected to reach $458.9 billion by 2025 — an increase of more than $196 billion compared to 2021. As this growth progresses, the entire cyber ecosystem is being shaped and impacted by a variety of factors including environmental forces, technology inflection points, and security trends.
As the industry moves forward, it’s important to understand what key trends are impacting hardware security innovation so all involved can more strategically evaluate technology, resources and planning. First, a couple of caveats — it’s important to keep in mind that security trends can often be a reaction to what’s going on in the security ecosystem itself, rather than specifically something that gets created. Also, regulation is traditionally a precursor to creating a security trend. With that in mind, let’s dive in.
Environmental forces (such as political, economic, societal, technological, etc.) are increasingly cascading across the security landscape. Today, there are more devices, more data, more breaches, and even more regulation in the threat landscape. The publicity of attacks is driving increased anxiety for consumers, governments and companies. Compounding the issue is the fact that the ransomware industry is thriving. Once created uniquely by individual hackers, ransomware has now morphed to include Ransomware as a Service (RaaS) and enterprise-like cybercrime rings, resulting in singular solutions that can be leveraged en masse — and they’re generating hundreds of millions of dollars in ransoms.
Supply chain attacks are also now fair game for threat actors. Nation-states are increasingly attacking supply chains and using those attacks to serve a dual purpose — generating money and demonstrating weakness in Western systems. An additional target of cyberattackers is user data — the rise in number and size of data breaches has highlighted how much personal data is monetized. The industry is working to strike a balance between technologies that improve people’s lives versus empowering bad actors to invade privacy.
While environment factors impact hardware security, there are also a variety of infection points and security trends influencing the hardware security space. Let’s look at six (and keep in mind, this list is not exhaustive):
- The drive to the edge: The creation of 5G networks and the need for lower latency is pushing the boundaries of where computation is going to take place. Edge devices run many threads across many microservices. As a result, workloads are no longer monolithic, and data is being processed through an array of devices. To secure the weakest link, data needs to be protected at every step. But as these devices make their way to a growing number of physically insecure locations, those challenges are increasing dramatically.
- AI everywhere and data is becoming king: Artificial intelligence (AI) is becoming a predominant part of computing applications. While it will bring new use cases and insights, it also brings added challenges in privacy and security. It will require massive data quantities to operate efficiently and competitively, which means continued investment in acquiring, classifying, storing and monetizing data. Furthermore, data access, privacy, ownership and control are all areas of increasing competition and conflict.
- Quantum computing on the horizon: Having spent years in academic research, the quantum era is looking increasingly like it will be a reality within the next decade. The frightening consequence, at least from a security perspective, is the implications this could have on the foundations of cryptography (and the ability to solve incredibly difficult mathematical problems upon which it is built).
- Confidential computing as the next frontier in data security: Confidential computing has emerged as a way for infrastructure service providers to re-establish trust with tenants so third-party data is not visible. Achieving this at scale and across the variety of devices being introduced is a significant challenge. At the same time, the cost to the user of doing this in terms of performance and complexity still needs to be minimized before it can be adopted broadly (which Everest Research predicts could come as soon as 2026). However, advances in this space are being made across the industry.
- Evolving roots of trust: Users face a challenge of achieving confidence in a system built from a diverse set of silicon components and providers. Consistent protections are now expected from all CPUs, GPUs, sensors, FPGAs, etc. The industry and users are moving away from large and complex roots of trust and planning solutions across segments. Standardization, transparency and interoperability of security strategies and methods are key to addressing this end-to-end security.
- Overall trustworthy systems: While there has been a recent trend of hardware attacks, hardware and software can’t be separated. Trustworthiness is a system problem across the data, processor and platform components (of the entire lifecycle). This has a broad impact from making devices secure by default (a challenge with Internet of Things [IoT] devices, for example); improving supply chain practices; giving users more transparency and visibility into security functions, and more.
Over the last decade, innovation in the hardware security space has evolved dramatically — from a focus on applications and software to increased protections rooted deep in silicon. As threats have moved down the stack, hardware research and innovation has increased across the industry and with academia. This has also increased collaboration between organizations as they work to solve security issues together.