DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.
Guest blog by Tom Corn, Senior VP of Security Products at VMware
Tackling the cybersecurity issues facing the modern enterprise: as businesses accelerate along their digital transformation journey, new approaches to cybersecurity will become essential. More so than ever before, security is top of mind for organizations. As data center infrastructure increasingly moves to the cloud, new approaches to security are needed. Below I’ve outlined five things in terms of security we should expect to see this year:
Application is king
Security teams have traditionally concerned themselves with protecting data center infrastructure, and they’ve worked most closely with infrastructure teams to deploy, align, and manage security controls. That approach needs to change in the hybrid cloud era. Ultimately, the applications and data are what we are trying to protect. We expect the application will become the new unit of focus for security teams, who will align themselves more closely with application teams to deploy their controls. Containers and DevOps will further fuel this model. These new approaches to application development will result in application teams being more declarative of the components that make up their applications, which will aid security teams in aligning their controls around applications and data.
Using the cloud to secure, versus securing the cloud
To date, the security discussion around the cloud – both public and private – has centered around how to secure it. We believe security teams will increasingly look to the cloud to capitalize on security approaches that have not been possible in the world of traditional data centers. As part of that movement, we will see a growing number of technologies and techniques to leverage the cloud to secure applications and data – including controls and policies that follow the workload, the use of dynamics to limit persistence, automation of security incident response, micro-segmentation, greater visibility and control, and so on. As the cloud shifts away from its “just trust us” roots toward more customer visibility, more inter-customer isolation and 3rd party attestation (less faith based trust), the cloud will become more secure and digestible for broader ranges of applications and services.
Simplicity and automation become the new dimension of innovation in security
Security has become astronomically complex, and the limiting factor for most security organizations is the lack of qualified human capital available to run it. Both the scarcity of talent and the difficulty of funding additional headcount (which is often even more challenging than funding capital expenditures) have hampered organizations’ ability to adopt powerful new security technologies. We see a tipping point ahead. The talent shortage will drive a new wave of security technologies designed to both simplify and automate the process of securing critical infrastructure and applications, both on-premises and in the cloud. Already there are a host of companies working toward automating incident response. The desperate need to stay ahead of an ever-worsening threat landscape will continue to spur innovation in other areas along this same dimension – including threat detection and predictive analytics – where elbow-grease alone can no longer do the job.
More sophisticated attacks from less sophisticated attackers
Just as defending data is becoming an increasingly complex job, so too are the attacks themselves. Increasingly sophisticated attack techniques deployed by nation-states and organized crime require very specialized skill sets. But the trend towards automation we mentioned earlier is a double-edged sword. The weaponization of cyberspace has driven a wave of new, more automated tools for creating and managing sophisticated attacks. The rise of this kind of advanced yet easy-to-use malware means we will begin to see significant attacks from a much broader range of attackers. We already see an expansion of the advanced attacker population and motivation to include things like political activism/dissent. The trends we mentioned earlier will certainly help mitigate these new threats in the long run, but things will get worse before they get better.
Mobile security and identity controls collide
So far, mobile security and identity and access management (IAM) have largely remained two separate markets – but we see them on a collision course. Mobile devices are already a critical component of the knowledge worker’s toolkit. They are being used as communication devices, data storehouses and application portals, and increasingly they are being used as a credential and authentication mechanism. As a result of this move to mobile, identity is rapidly moving to a risk-based behavioral model, where the IAM solution factors in the risk of the endpoint device, the criticality of the application and data being accessed and the level of confidence that the user really is who they say they are. The motivation for “risk-based” controls has been that authentication and isolation have not been enough to support trustworthy identity. Evidence of behavioral consistency helps address the risk that authenticated, isolated and trusted services have been taken over by exploiting imperfections in their implementation or infrastructure. We’ve already begun to see some unified security solutions that blend these two components, and we expect this trend to accelerate in 2017.