Predictions for IT Security in 2015: Cloudy with a chance of security, microsegmentation and SDDC

As 2014 draws to a close, it’s time for some predictions for the year to come. Some of some of what we see developing in 2015 continues clear trends we’ve been watching at customer sites and across the industry for months or even years, while others have emerged more recently. So what do we see? 

Hybrid is here: First, in 2015 we will begin to see full scale, enterprise-sanctioned public cloud deployments and far fewer Shadow IT deployments in the cloud, as companies take control of these covert activities and start viewing the public cloud as a strategic investment. In fact, according to our recent survey, 70% of survey respondents anticipate that they deploy 10% to 60% of their business applications on public IaaS platforms within the next three years.

However the survey also exposes some of the significant security challenges enterprises will face as they attempt to unify their security policy strategies across hybrid cloud environments, including:

• Lack of visibility across the hybrid environment
• Lack of tools to extend the corporate policy across the hybrid environment
• Lack of operational workflows across the hybrid environment
• Problems demonstrating compliance

Therefore in 2015, we predict that both vendors and enterprises will be scrambling to solve these challenges through products enhancements and extensions, partnerships and integrations. Based on conversations with our customers, industry analysts as well as our own research, Amazon Web Services followed by Microsoft Azure have already become the IaaS platform of choice for most organizations, and therefore development and integration efforts will focus on them first.

Network security – different strokes for different folks: No surprise here, in 2015 cyber-attacks will likely become more and more sophisticated and we’ll continue to see high-profile breaches that exploit a lack of network segmentation across the organization. Therefore network security will continue to be a hot topic in the coming year, with two apparently opposed trends both gaining steam.

On the one hand, small and medium sized enterprises will consolidate more security controls, such as IPS and URL filtering onto their firewall platform. For these companies, the all-in-one control and platform saves money and streamlines network security.

Larger companies, in contrast, will gravitate to more specialized detection tools in order to identify breach attempts earlier. More tools often means more vendors, however, so consolidating information and ensuring visibility will require a strategic, possibly ‘crowdsourcing’ type approach. We also expect to see more advanced containment methods deployed to counter the increasingly sophisticated nature of recent attacks.

Blocking continues to be a primary containment strategy, but we’re also seeing wider adoption of default quarantining of threats to enable security time to investigate any anomalies before they get out of hand. Unlike blocking, quarantining allows vetted traffic to proceed once released, so it disrupts business less, while still protecting the network and the business.

Microsegmentation will become a necessity: Look, we know no one wants to do microsegmentation. It’s hard. It’s expensive. But here’s the kicker: It works. We’re not going to see fewer high-profile breaches anytime soon, but with more microsegmentation we could see much less damage because attackers won’t be able to easily get through multiple layers of protection. What’s clear today is that relying on perimeter protection alone to secure your key data puts the heart of your business—and your job—at risk. The fact that your servers haven’t been breached doesn’t mean they can’t be breached. And, if they are, you’re going to want the bad guys to encounter some internal firewalls. So, we predict a notable increase in time and money devoted to microsegmentation.

Software Defined Data Center (SDDC) will be hard to resist: Following the application migration path, more and more data centers are going virtual. Software-defined data centers can offer significant operational efficiencies and cost savings and the appeal of controlling IT resources from a single screen with the touch of a button is hard to resist. The agility and ease of integration that comes with SDDC makes this transition a trend to watch in 2015, though we expect it may take years for companies to fully replace major legacy systems with their software equivalents.

Security hiring will become easier: We’ve reached the point where the proverb “the perfect is the enemy of the good” applies to IT security staffing. Increasingly sophisticated, automated tools combined with overtaxed IT budgets have made the search for high-end experts a near impossible venture. In 2015 and beyond, the smart money will invest in products that simplify network security analysis and then choose good analysts who can evaluate and act on multiple sources of information. By the time the “perfect” expert comes along, you could have someone smart, if less experienced, proficiently using the tools you already have in place for months.

What trends do you see emerging in IT security in the coming year?