The playwright, Tom Althouse, once wrote “Fear not the unknown, it is a sea of possibilities”. Yet in the world of enterprise network security there is perhaps no greater fear than that of the unknown – unknowns have the potential to severely disrupt business, causing millions of dollars’ worth of damage.
It is perhaps for this reason that, at the end of every year, I like to review the past year, as well as try to predict what the coming year will bring.
In 2018, I foresee 4 key trends:
The only way is up for hybrid environments
In the short term, my expectation is that managing these hybrid environments will only get more complex. To help deal with this increasing complexity, application owners and IT teams alike are going to need holistic visibility and control over their on-premise and cloud environments, to ensure the organization remains secure and compliant.
Groupware and collaboration tools to become more critical in enterprise environments
Collaboration tools such as Slack, MS Teams and Skype for Business are already well established in the enterprise environment, providing a convenient way for employees to have group discussions and complete collaborative business tasks. Moving forward into 2018 I believe this trend will evolve to include the adoption of automated chatbots within development, IT and infosecurity teams.
For instance, enterprises can use chatbots to automate information-sharing across silos, such as between IT and application owners. So rather than having to call somebody and ask them “Is that system up? What happened to my security change request?” and so on, tracking helpdesk issues and the status of help requests will become much more accessible and responsive, through the use of these types of groupware systems.
Chatbots will also make access to siloed resources more democratic and more widely available. Naturally this concept has its own security implications, and there must be some kind of access controls in the background to make sure that the information is available to only those that are eligible to consume it, and not others. However, the real point is that these systems will finally bring key security information from within various siloed systems closer to internal stakeholders, making it easier for them to get the information they need, and enabling faster decision-making.
We will finally put the Sec in DevOps
Finally, I believe that 2018 will be the year where we really start to see security being baked into the DevOps process. The driver for this will be a desire to develop a culture of what Gartner has called the ‘Continuous Adaptive Risk and Trust Assessment’ (CARTA) approach, which enables organizations to ‘allow for real-time, risk and trust-based decision making with adaptive responses to security-enable digital business’.
As part of a CARTA approach, organizations must overcome the barriers that exist between their security, application and development teams. This means introducing and automating security processes at an early stage in the DevOps process, so that when developers plan and make changes to business applications, the appropriate security reviews, and the recording and auditing of changes, are done automatically at the same time and as part of the process. This ensures that security doesn’t become a bottleneck that slows down application development or updates, and enables true DevSecOps. I believe this will be part of a broader trend where security technologies and processes work with and enable the business, rather than being added on at the end and inhibiting it.
So, while the world of enterprise IT will always be wary of the unknown, there are many positive possibilities for the coming year.
Happy New Year everyone!