“Prophesy is a good line of business, but it is full of risks,” as Mark Twain wrote. Looking back at the predictions we made at the start of 2016, I think many of them did in fact come true: cloud services matured; enterprises embraced public cloud services; security talent continued to be in short supply; and OpenStack deployments grew. So what can we expect to see in cybersecurity over the coming 12 months? I sat down with Avishai Wool, AlgoSec’s CTO, and Edy Almer, our VP of Products, to get their predictions for 2017.
Up until now, cyber security teams have focused more on taking proactive action rather than reactive response – the latter being perceived as slightly negative. However, as sophisticated attackers have demonstrated that they are able to penetrate the first line of (proactive) defense, we are now seeing organizations focusing on strengthening their ability to react faster to security events and incidents. Security-conscious organizations are setting up a wide variety of sensors and SIEM solutions in their security operations centers, with the aim of being able to quickly detect malicious activity already on their networks.
We believe that this is absolutely the right approach, and it seems Gartner says the same. In their Designing an Adaptive Security Architecture for Protection from Advanced Attacks research note, Neil MacDonald and Peter Firstbrook suggest that “Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.”(1)
We expect to see this trend continue into 2017 because it’s wise to assume that, no matter how strong your defenses are, attackers will still be able to get in. The crucial point to remember is that these incident detection and response approaches are not an alternative to existing defenses – firewalling, network zoning and so on are still essential in order to make it as difficult as possible for attackers to break into corporate networks. The concept of “defense in depth” is as valid as it ever was: it means having both a strong perimeter and robust incident response capabilities behind it. It’s also important that organizations go beyond simply detecting security incidents and evaluate how they should respond to them, applying business context to the attacks so they can understand the impact on business processes and prioritize the right remediation actions at the right time.
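The “business context” point above is easier to see with a small worked example. The following is an added illustration, not AlgoSec’s code or any product’s logic: it takes alerts a SIEM has already raised, joins each one to a constructed asset inventory that records which business process the host supports and how critical that process is, and ranks the alerts so that a medium-severity event on a payments system outranks a high-severity event in a throwaway lab. The asset inventory, severity scale, weights and alerts are all constructed sample data.

```python
"""Prioritising detected incidents with business context.

Added illustration (not AlgoSec's code): a SIEM has already flagged
suspicious activity; the question is which alert to handle first.
Asset inventory, alerts and weights below are constructed sample data.
"""
from dataclasses import dataclass

# Constructed asset inventory: which business process each host supports
# and how critical that process is (1 = low, 5 = mission critical).
ASSETS = {
    "10.0.1.15": {"process": "payments", "criticality": 5, "zone": "pci"},
    "10.0.2.40": {"process": "hr-portal", "criticality": 3, "zone": "internal"},
    "10.0.9.7": {"process": "dev-sandbox", "criticality": 1, "zone": "lab"},
}

# Constructed technical severity scale as a SIEM might emit it.
SEVERITY = {"low": 1, "medium": 2, "high": 3}

# Hosts missing from the inventory get a conservative mid criticality so
# they are triaged rather than silently deprioritised.
UNKNOWN_ASSET = {"process": "unknown", "criticality": 3, "zone": "unknown"}


@dataclass
class Alert:
    alert_id: str
    host: str
    rule: str
    severity: str


def score(alert: Alert) -> int:
    """Combine technical severity with the business criticality of the
    affected asset; higher means handle sooner."""
    asset = ASSETS.get(alert.host, UNKNOWN_ASSET)
    return SEVERITY[alert.severity] * asset["criticality"]


def prioritise(alerts):
    """Return (alert_id, business process, score) tuples, highest first.
    sorted() is stable, so equal scores keep their arrival order."""
    ranked = sorted(alerts, key=score, reverse=True)
    return [
        (a.alert_id, ASSETS.get(a.host, UNKNOWN_ASSET)["process"], score(a))
        for a in ranked
    ]


# Constructed sample alerts, as a SIEM might have raised them.
SAMPLE_ALERTS = [
    Alert("A1", "10.0.9.7", "credential dumping", "high"),   # 3 * 1 = 3
    Alert("A2", "10.0.1.15", "lateral movement", "medium"),  # 2 * 5 = 10
    Alert("A3", "10.0.2.40", "port scan", "low"),            # 1 * 3 = 3
    Alert("A4", "10.0.5.5", "outbound beaconing", "high"),   # unknown host: 3 * 3 = 9
]

if __name__ == "__main__":
    for item in prioritise(SAMPLE_ALERTS):
        print(item)
```

The ranking puts the medium-severity lateral movement on the payments host first, the high-severity event on an uninventoried host second, and the high-severity event in the lab sandbox on a par with a low-severity port scan of an internal portal; without the asset join, the sandbox alert would have been handled first. The unknown-host default is a deliberate design choice: an incomplete inventory is common, and treating gaps as low priority would hide exactly the assets nobody is tracking.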
Cloud is fast becoming the new normal for enterprise IT: a recent study from 451 Research suggests that enterprise IT workloads in the cloud will rise from 41% in 2016 to 60% in 2018. But which deployment model will organizations favour – private cloud or public? The lines that have separated the two models are starting to get blurred – as we saw with the recent agreement between VMware and Amazon which suggests that VMware will provide its expertise and management capabilities for enterprises to run their AWS estates using familiar VMware controls. We believe that this convergence between public and private clouds will increase, with software vendors and public cloud providers forming more partnerships and streamlining their offerings.
This in turn raises some interesting questions with regards to security controls: what will the relationships be between the various security tools offered by vendors and cloud providers? Will they co-exist, or will one set control the other set? It’s difficult to predict, but we would advise that organizations bear this issue in mind when deploying cloud environments, and think carefully about how they can achieve a single, unified, easy-to-manage set of security controls for their entire hybrid cloud environment.
Security as a driver to the cloud
As part of this consolidation in the cloud sector, security is now no longer a reason to not move to the cloud. Instead, the availability of more efficient, interoperable security controls from vendors and service providers is being seen as a driver for migrations to cloud environments, and will help to drive the growth in cloud enterprise workloads. This is a reversal of the situation at the outset of cloud computing, where security was seen as the biggest barrier to its adoption.
In addition, while AWS and Microsoft Azure currently dominate the public infrastructure as a service (IaaS) sector, and Google Cloud is gaining traction, we believe we can expect additional challengers to emerge in the coming year: Oracle Cloud Computing, AT&T’s Domain 2.0 and Alibaba Cloud will be interesting players to watch.
OpenStack gets less open?
While OpenStack deployments did grow in 2016, it’s interesting to note that in November, HP announced that it has moved away from OpenStack. In addition, Rackspace added “MultiCloud Management” that includes AWS and Azure alongside its own OpenStack cloud.
Because it is an open source community, there are multiple flavors of OpenStack with different development directions, which in turn means that a given OpenStack-based solution – including its security tools – may not be compatible with other flavors. This can present a significant challenge for companies wanting to deploy an OpenStack SDN environment, as they may have fewer choices in terms of which security, risk and compliance solutions and services they can layer onto their environment. In light of HP’s and Rackspace’s announcements, we recommend that organizations considering an OpenStack deployment carefully evaluate the options available to them before committing to a particular vendor or distribution.
With these predictions, let’s hope for a successful, less risky and more secure 2017. Happy New Year!
(1) Source: Gartner, Designing an Adaptive Security Architecture for Protection from Advanced Attacks, by Neil MacDonald and Peter Firstbrook, January 28, 2016.