AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


2020 vision predictions for the year ahead in network security

Professor Avishai Wool, AlgoSec CTO, forecasts the critical security issues enterprises will face over the next year

It’s that time of year again – time to look forward to 2020 and consider our predictions for what we will see in network security. What do we think the next 12 months are going to look like? What are the challenges, and opportunities, for organizations in the coming year? 

Managing misconceptions

Let’s begin by discussing the volume of breaches due to misconfigurations that we saw throughout 2019, such as the incident which impacted Capital One. These are usually caused by simple human error, leaving a security gap that is exploited by actors from outside the organization. Humans are not getting more efficient in avoiding mistakes, so I expect breaches due to misconfiguration to be an ongoing challenge in 2020 as well.

At the same time, the technology environment that network security staff work within is getting ever more complex. There are more network points to secure – both on-premises and in public or private clouds – and therefore a much larger attack surface. The situation is getting worse, as highlighted in our survey this year, which showed that two-thirds of respondents use multiple clouds, with 35% using three or more cloud vendors, and over half operating hybrid environments. The only solution to this growing complexity is network security automation. Humans need tools to help them set network configuration more accurately and more efficiently. The demand for security automation is only going to increase in 2020 and beyond.

Compliance complexity

Achieving and maintaining regulatory compliance has long been a major challenge for networking staff, and as networks become more complex it is only getting harder. In recent years, we have seen a raft of new compliance frameworks introduced across multiple verticals and geographical regions. Regulators worldwide are flexing their muscles.

The crucial point to understand is that new regulations typically don’t replace existing regimes – rather, they add to what is already in place. The list of regulatory demands facing organizations is getting longer, and achieving and demonstrating compliance is becoming an ever-larger commitment. Once again, the only solution is more automation: being in “continuous compliance”, with automatic creation of audit-ready reports for all the relevant regulations, delivers both the time and resource savings that organizations need in order to meet their compliance demands.

The turn to intent-based network security

What do I mean by intent-based network security? It is ultimately about asking a simple question – why is this security control configured the way it is?

Understanding the intent behind individual network security rules is crucial for a wide range of network maintenance and management tasks, from responding to data breaches to undertaking network cleanups, from working through vulnerability reports to dealing with planned or unplanned downtime. In every scenario, you need to understand why the security setting is the way it is, and who to notify if something has gone wrong or if you want to amend or remove the rule.

And the answer is always that a particular business application needed connectivity from point A to point B. The organization “just” needs to find out which application that was – and that’s 95% of the intent.

The trouble is that organizations were not diligent enough about recording this intent for a long time. The result has been a huge number of undocumented rules, whose intent is unclear. In other words, organizations are in a brownfield situation; they have too many rules, and not enough information about their intent.

The change we will see in 2020 is more and more deployment of technologies that allow a retrospective understanding of the intent behind security rules, all based on the traffic observed on the network. By listening to this traffic and applying algorithms, these new technologies can reverse-engineer and ultimately identify, and document, the original intent.
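As an added illustration (not code from the article or from any AlgoSec product), the sketch below shows the idea in miniature: observed flows are matched against undocumented rules, and each rule is annotated with the business application that uses it. The rule set, flow records and the host-to-application inventory `APP_OF_HOST` are constructed sample data, and attributing a flow to the application that owns its destination host is an assumption of this example.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the article).
RULES = [  # undocumented rules, in first-match order
    {"id": "r1", "src": "10.1.0.0/24", "dst": "10.2.0.10/32", "port": 5432},
    {"id": "r2", "src": "10.1.0.0/16", "dst": "10.3.0.0/24", "port": 443},
    {"id": "r3", "src": "10.9.0.0/24", "dst": "10.2.0.10/32", "port": 22},
]
FLOWS = [  # observed traffic: (source IP, destination IP, destination port)
    ("10.1.0.5", "10.2.0.10", 5432),
    ("10.1.0.6", "10.2.0.10", 5432),
    ("10.1.7.20", "10.3.0.8", 443),
    ("10.1.0.5", "10.3.0.8", 443),
]
APP_OF_HOST = {  # hypothetical inventory: host -> business application
    "10.2.0.10": "billing",
    "10.3.0.8": "hr-portal",
}

def rule_matches(rule, flow):
    """True if the flow's source, destination and port fall inside the rule."""
    src, dst, port = flow
    return (port == rule["port"]
            and ip_address(src) in ip_network(rule["src"])
            and ip_address(dst) in ip_network(rule["dst"]))

def infer_intent(rules, flows, app_of_host):
    """Map each rule id to the applications observed using it.

    An empty list means no traffic hit the rule: its intent stays unknown
    and it is a candidate for review during a cleanup.
    """
    hits = defaultdict(Counter)
    for flow in flows:
        for rule in rules:
            if rule_matches(rule, flow):  # first matching rule wins
                # Assumption: the destination host's owner defines the intent.
                hits[rule["id"]][app_of_host.get(flow[1], "unknown")] += 1
                break
    return {rule["id"]: sorted(hits[rule["id"]]) for rule in rules}

if __name__ == "__main__":
    for rule_id, apps in infer_intent(RULES, FLOWS, APP_OF_HOST).items():
        print(rule_id, "->", ", ".join(apps) or "no observed traffic")
```

Rule `r3` ends up with no attributed application, which is the "undocumented rule with unclear intent" case the passage describes.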

Embracing automation

Public cloud vendors are providing more and more security features and controls, and this trend looks set to continue, with more security controls becoming available as part of their core offerings. This is a good thing. The more controls available, the more secure organizations can be – if they take advantage of the additional capabilities.

But this doesn’t mean less work for IT and security teams. They need to take ownership of these new capabilities, and to configure and manage them properly – and this takes us straight back to the misconfiguration issue I outlined earlier.

In conclusion, if I had to distill my predictions for network security in 2020 into a single point, it would be the need to embrace more automation across all security and compliance-related processes. This is at the core of enabling organizations to manage the ever-growing complexity of their networks and respond to the constantly evolving threat landscape.

Watch the 9-minute 2020-predictions CouchTalk discussion here.
