The start of a new year often requires a look back at the previous year’s trends and lessons learned. It helps formulate predictions for the coming year. Earlier this month, we talked to Jon Kim, Director of Iron Bow’s Cyber Security Practice, and he pointed to continued security issues around mobility and the consumerization of IT. Similarly, in this post, we asked Isabelle Dumont of Palo Alto Networks to share her predictions, and she noted that cloud and mobile security will remain top of mind in 2014.Below is her full set of predictions:
In December, the Palo Alto Networks team released a stream of 2014 technology predictions related to various aspects of cybersecurity. Below is a compilation of the five most relevant ones for federal agencies and other public services.
1. The demand for cyber security skills will reach new highs. Keep your teams equipped with the right tools!
Advanced threats have become commonplace, and the demands on existing incident response teams have begun to outstrip capacity, especially in enterprises and government entities where cyber security skills are already in short supply. A recent Ponemon Institute survey concluded that only 26 percent of security professionals felt they had the expertise to keep up with advanced threats. Equally important to investing in training and hiring cyber security professionals, governments and federal agencies should evaluate whether they equip their teams with security solutions that perform well. The security market is in transition, and they should look for modern products with innovative architecture.
2. Threat detection times will decrease in 2014
This may be a controversial prediction amongst those who prefer to prey on fear, but breach detection times will continue to decrease in 2014. Enterprise security has undergone a massive transformation since the introduction of next-generation security concepts and has moved from an emerging technology to one that’s universally deployed. Newer, advanced security services enable enterprises to accelerate the detection of unknown threats and gather that information into a threat intelligence cloud that’s developing an impressively high IQ. The net result will be a measurable reduction in the time it takes to detect a breach and to block its propagation through any network.
3. As cloud adoption grows, cloud will need – and will get – a security makeover
Organizations continue to adopt cloud computing, moving from virtualized application silos (web, app, database tier) to more flexible cloud architectures that enable the delivery of any application on any server at any time. Most will deploy a hybrid model where certain applications are offloaded to public clouds while others continue to reside within private cloud boundaries. The decision between public or private clouds will depend largely on network security requirements.
Security has remained one of the greatest barriers preventing cloud computing from reaching its full potential, and in our recent Cloud Computing & Security survey, about 60 percent of respondents told us that delays in applying security have a negative impact on operational efficiency. In 2014 next-generation network security and network virtualization will come together to form a new paradigm for cloud security. Innovations in network virtualization have enabled automation and transparent network insertion of next-generation security services into the cloud such as those provided by Palo Alto Networks.
4. Cyber criminals will target data centers’ control systems and supporting infrastructure
We expect a significant increase in attacks where smart hackers target the weakest parts of a data center support infrastructure. Federal agencies and governments have made strides in strengthening their data center security. But, they will need to do the same for support systems such as HVAC, cooling and other automated systems that help power, clean and maintain a data center, or they’re leaving the whole data center vulnerable. Remember what happened in Australia earlier this year when attackers hacked local Google data centers using the building control system.
5. Bring your own device (BYOD): If you can’t fight it, embrace it
Many organizations still take a “lock it down” approach to the use of personal mobile devices at work and implement policies that are so strict they eliminate the productivity and flexibility benefits of BYOD. But users always find a way to use smartphones and tablets on networks whether admins like it or not. In 2014, a majority of organizations will finally turn away from the “lock it down” approach in favor of a mobile security model that gives users some breathing room while preserving the secure enterprise network.