4 New Realities That Are (Finally) Shaking Up Security
4 New Realities That Are (Finally) Shaking Up Security
Take a look at some of the trends in security that are creating movement in the the process and tools in security and data managment.
Join the DZone community and get the full member experience.Join For Free
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.” It’s funny that such a thought came from a tennis superstar rather than a cybersecurity professional, but that doesn’t diminish from its astounding prescience in today’s digital world.
Data has transformed into a valuable commodity. Security has changed alongside it, but at the same reactive pace that it always has. The job of a security professional has always been to respond to threats, continually re-fortify defenses, try to anticipate what may occur and plan accordingly.
Now, new realities are forcing security to be more proactive, vigilant, and comprehensive than ever. It is currently experiencing a revolution as these changes in society, technology, and the professional world morph the way we organize our networks and data - but security is up for the challenge.
Reality #1: COVID-19 and Remote Work
In the past handful of months, employees around the globe have moved from the office to their homes. These workers are supposed to maintain their productivity and social distance alike, yet their dispersal is an obstacle for security. More employees are connected to the cloud-based resources that companies have spun up in response to the remote work migration. This reduces visibility for IT professionals over the network and exposes it to unfamiliar devices, potentially unsafe Wi-Fi networks, cloud configuration mishaps and more.
The Shake-Up: To deal with the influx of various endpoints connecting to increasingly cloud-based resources, security solutions like Cloud Access Service Broker are gaining popularity among companies that have responded to COVID by rushing into the cloud. When combined with 2-factor authentication, companies have improved cloud access control that can help them guard their complex networks against a plethora of new COVID-adjacent attacks.
Reality #2: Tool Sprawl
It’s not a problem in-and-of-itself that companies are embracing cloud-based solutions, but when they do it in piecemeal fashion, it puts a burden on IT. Orchestrating multiple security products from different vendors used to be manageable, but now has significantly diminished returns. Even a wrong setting in the configuration panel can open a breach into the entire network. More than that, getting many security solutions to work together with a network’s unique local and cloud resources is simply a time investment better spent elsewhere.
The Shake-Up: Security is going through a consolidation process that has already occurred to other industries, so we know what to expect. Much like Microsoft did after Word, Excel, Powerpoint and then mashing them together “as a Service”, security’s great consolidation comes in the form of SASE (Secure Access Service Edge). Mergers, acquisitions, and buyouts are occurring at a breakneck pace to assemble the version of SASE that Gartner first described in its seminal late 2019 research report: a single product combining various vital networking and security tools consumed via the cloud.
Reality #3: 5G is Incoming
4G internet is yesterday’s news, and 5G is on the horizon. Orders of magnitude faster than its predecessor, 5G internet will have significant security implications for businesses. With more vectors such as IoT through which hackers can reach the network, visibility problems will occur in parallel with new threats. Exfiltration of data by hackers will also occur faster, given more bandwidth availability, and new attacks will doubtless sprout up to take advantage of 5G radios and the devices they’re embedded in.
The Shake-Up: The onset of 5G puts the spotlight on our need for multi-layered security with encryption, access controls, segmentation, monitoring and more. Products like SASE, described above, will be necessary to identify and view all endpoints connected to the network and cut it into slices where specific endpoints can and cannot reach.
Reality #4: Espionage and Insider Attacks
Breaches into the network aren’t always malicious, or from outside its perimeter. Employees themselves are an organization’ weakest link, and make up more than half of data breaches now occurring. Espionage is a similar issue, but whether the data leak is because of poor password hygiene or pure theft, security is waking up to the idea that protecting the outer perimeter from within is a flawed approach.
The Shake-Up: To respond to the notion that the network perimeter is now as shapeless as it is irrelevant, a new breed of Zero Trust security products is gaining attention. Rather than accepting user credentials in exchange for unlimited network access, Zero Trust products help companies to split the network into custom pieces, and give least-privilege, constantly-monitored access to the pieces that their various employees need. This ensures that not everyone who has access is an equal threat, drastically shrinking the attack surface.
There is a lot to look forward to in the security sector. Most excited will be the IT managers who can finally have a blueprint for how to deal with modern networking and security issues, especially those that are encountered with increasing frequency lately. Soon, more comprehensive security solutions will be commonplace, and the age of enormously devastating breaches will be a spectre of the past.
Opinions expressed by DZone contributors are their own.