The third and final installment in our 2017 Predictions blog series continues to tackle the cybersecurity issues facing the modern enterprise. As businesses accelerate along their digital transformation journey, new approaches to cybersecurity will become essential. Tom Corn, Senior VP of Security Products at VMware, outlines five key predictions for 2017 that will change the way enterprises look at and implement cybersecurity in the coming year.
More so than ever before, security is top of mind for organizations. In 2016 we witnessed multiple large-scale cyberattacks across industries, to the point that it seemed like rarely a day went by when the news wasn’t plastered with revelations of a massive data breach or some other online threat. As data center infrastructure increasingly moves to the cloud, new approaches to security are needed.
Let’s take a step back to reflect on where we’ve been – and where we’re going – in terms of security.
Below I’ve outlined five things we should expect to see this year:
1- Application is king
Security teams have traditionally concerned themselves with protecting data center infrastructure, and they’ve worked most closely with infrastructure teams to deploy, align, and manage security controls. That approach needs to change in the hybrid cloud era. Ultimately, the applications and data are what we are trying to protect. In 2017, we expect the application will become the new unit of focus for security teams, who will align themselves more closely with application teams to deploy their controls. Containers and DevOps will further fuel this model.
These new approaches to application development will result in application teams being more declarative of the components that make up their applications, which will aid security teams in aligning their controls around applications and data. We’ve already begun to see evidence of this trend with the growing popularity of network micro-segmentation, a process by which a critical application or compliance scope is compartmentalized in a segment and endpoint and network controls are aligned to that boundary. We predict that adoption of this and other application-centric security ideas will only accelerate in the coming year.
2- Using the cloud to secure, versus securing the cloud
To date, the security discussion around the cloud – both public and private – has centered around how to secure it. And while concerns and challenges remain, in 2017 we believe security teams will increasingly look to the cloud to capitalize on security approaches that have not been possible in the world of traditional data centers. As part of that movement, we will see a growing number of technologies and techniques to leverage the cloud to secure applications and data – including controls and policies that follow the workload, the use of dynamics to limit persistence, automation of security incident response, micro-segmentation, greater visibility and control, and so on. As the cloud shifts away from its “just trust us” roots toward more customer visibility, more inter-customer isolation and 3rd party attestation (less faith based trust), the cloud will become more secure and digestible for broader ranges of applications and services.
3- Simplicity and automation become the new dimension of innovation in security
Security has become astronomically complex, and the limiting factor for most security organizations is the lack of qualified human capital available to run it. Both the scarcity of talent and the difficulty of funding additional headcount (which is often even more challenging than funding capital expenditures) have hampered organizations’ ability to adopt powerful new security technologies. We see a tipping point ahead. The talent shortage will drive a new wave of security technologies designed to both simplify and automate the process of securing critical infrastructure and applications, both on-premises and in the cloud. Already there are a host of companies working toward automating incident response. The desperate need to stay ahead of an ever-worsening threat landscape will continue to spur innovation in other areas along this same dimension – including threat detection and predictive analytics – where elbow-grease alone can no longer do the job.
4- More sophisticated attacks from less sophisticated attackers
Just as defending data is becoming an increasingly complex job, so too are the attacks themselves. Increasingly sophisticated attack techniques deployed by nation-states and organized crime require very specialized skill sets. But the trend towards automation we mentioned earlier is a double-edged sword. The weaponization of cyberspace has driven a wave of new, more automated tools for creating and managing sophisticated attacks. Prominent examples of these kinds of attack / malware tools including Zeus (for building Trojans) and BlackPoS (which was used to attack point-of-sale terminals in several prominent retail breaches). The rise of this kind of advanced yet easy-to-use malware means we will begin to see significant attacks from a much broader range of attackers. We already see an expansion of the advanced attacker population and motivation to include things like political activism/dissent. The trends we mentioned earlier will certainly help mitigate these new threats in the long run, but things will get worse before they get better.
5- Mobile security and identity controls collide
So far, mobile security and identity and access management (IAM) have largely remained two separate markets – but we see them on a collision course. Mobile devices are already a critical component of the knowledge worker’s toolkit. They are being used as communication devices, data storehouses and application portals, and increasingly they are being used as a credential and authentication mechanism. As a result of this move to mobile, identity is rapidly moving to a risk-based behavioral model, where the IAM solution factors in the risk of the endpoint device, the criticality of the application and data being accessed and the level of confidence that the user really is who they say they are. The motivation for “risk-based” controls has been that authentication and isolation have not been enough to support trustworthy identity. Evidence of behavioral consistency helps address the risk that authenticated, isolated and trusted services have been taken over by exploiting imperfections in their implementation or infrastructure. We’ve already begun to see some unified security solutions that blend these two components, and we expect this trend to accelerate in the coming year.