
2017: Five Things about Security

Watch out for: Applications, automation, sophistication and the new use of Cloud as a tool in itself

Pratima Harigunani

Tom Corn


More than ever before, security is top of mind for organizations. In 2016, we witnessed multiple large-scale cyber attacks across industries, to the point that it seemed like rarely a day went by when the news wasn’t plastered with revelations of a massive data breach or some other online threat. As data center infrastructure increasingly moves to the cloud, new security approaches are needed.

As we gear up for the New Year, let’s take a step back to reflect on where we’ve been—and where we’re going—in terms of security. Below, I’ve outlined five things we should expect to see next year.

1. Application Is King


Security teams have traditionally concerned themselves with protecting data center infrastructure, and they’ve worked most closely with infrastructure teams to deploy, align, and manage security controls. That approach needs to change in the hybrid cloud era. Ultimately, the applications and data are what we are trying to protect. In 2017, we expect the application will become the new unit of focus for security teams, who will align themselves more closely with application teams to deploy their controls. Containers and DevOps will further fuel this model.

Because of these new approaches to application development, application teams will be more transparent with the components that make up their applications, which will aid security teams in aligning their controls around applications and data.

We’ve already begun to see evidence of this trend with the growing popularity of network micro-segmentation, a process by which a critical application or compliance scope is compartmentalized in a segment, and endpoint and network controls are aligned to that boundary. We predict that adoption of this and other application-centric security ideas will only accelerate in the coming year.


2. Using the Cloud to Secure, Versus Securing the Cloud

To date, the security discussion around the cloud, both public and private, has centered on how to secure it. And while concerns and challenges remain, in 2017 we believe security teams will increasingly look to the cloud to capitalize on security approaches that have not been possible in the world of traditional data centers.

As part of that movement, we will see a growing number of technologies and techniques to leverage the cloud to secure applications and data—including controls and policies that follow the workload, the use of dynamics to limit persistence, automation of security incident response, micro-segmentation, greater visibility and control, and more. As the cloud shifts away from its “just trust us” roots to more customer visibility, more inter-customer isolation, and third-party attestation (meaning less faith-based trust), the cloud will become more secure and digestible for broader ranges of applications and services.


3. Simplicity and Automation Become the New Dimension of Innovation in Security

Security has become astronomically complex, and the limiting factor for most security organizations is the lack of qualified human capital available to run it. Both the scarcity of talent and the difficulty of funding additional headcount (which is often even more challenging than funding capital expenditures) have hampered organizations’ abilities to adopt powerful new security technologies.

We see a tipping point ahead. The talent shortage will drive a new wave of security technologies designed to simplify and automate the process of securing critical infrastructure and applications, both on-premises and in the cloud. There are already a host of companies working toward automating incident response. The desperate need to stay ahead of an ever-worsening threat landscape will continue to spur innovation in other areas along this same dimension, including threat detection and predictive analytics, where elbow grease alone can no longer do the job.


4. More Sophisticated Attacks From Less Sophisticated Attackers

Just as defending data is becoming increasingly complex, so too are the attacks themselves. Countering the increasingly sophisticated attack techniques deployed by nation-states and organized crime requires very specialized skill sets. But the aforementioned trend towards automation is a double-edged sword.

The weaponization of cyberspace has driven a wave of new, more automated tools for creating and managing sophisticated attacks. Prominent examples of these tools include Zeus (for building Trojans) and BlackPoS (which was used to attack point-of-sale terminals in several prominent retail breaches). The rise of this kind of advanced, yet easy-to-use malware means we will begin to see significant attacks from a much broader range of attackers.


We already see an expansion of the advanced attacker population and motivation to include things like political activism or dissent. The trends we mentioned earlier will certainly help mitigate these new threats in the long run, but we expect that things will get worse before they get better.

5. Mobile Security and Identity Controls Collide

So far, mobile security and identity and access management (IAM) have largely remained two separate markets—but we see them on a collision course. Mobile devices are already a critical component of the knowledge worker’s toolkit. They are being used as communication devices, data storehouses, and application portals—and increasingly as a credential and authentication mechanism.


As a result of this move to mobile, identity is rapidly moving to a risk-based behavioral model, where the IAM solution factors in the risk of the endpoint device, the criticality of the application and data being accessed, and the level of confidence that the user really is who they say they are.

The motivation for “risk-based” controls has been that authentication and isolation have not been enough to support trustworthy identity. Evidence of behavioral consistency helps address the risk that authenticated, isolated, and trusted services have been taken over by exploiting imperfections in their implementation or infrastructure. We’ve already begun to see some unified security solutions that blend these two components, and we expect this trend to accelerate in the coming year.

(Tom Corn is SVP of Security Products at VMware. Views expressed here are of the author and CyberMedia does not necessarily endorse them.)
