Virtualization Technology News and Information
Netwrix 2015 Predictions: Risk Mitigation Drives Changes to IT Security in the Cloud and Beyond


Virtualization and Cloud executives share their predictions for 2015.  Read them in this series exclusive.

Contributed article by Michael Fimin, CEO, Netwrix

Risk Mitigation Drives Changes to IT Security in the Cloud and Beyond

The evolution is constant. Information technology is impacting more and more aspects of our personal and professional lives. As the complexity and diversity of devices, platforms and modes of technological interaction advance, so do the associated risks from malicious individuals and criminal organizations that wish to exploit and leverage technology for their own purposes.

Following are some of the most crucial areas to keep watch over in 2015 when it comes to the cloud and other next-generation computing platforms:

1. Security and the Cloud. Many individuals and enterprises are already using cloud technologies - such as Software as a Service (SaaS) and Infrastructure as a Service (IaaS) - to store sensitive information and perform business-critical tasks. In response to security concerns and risk management challenges related to cloud computing, the industry continues to look for ways to overcome the market's security concerns about the adoption of cloud technology.

The security of cloud technologies will continue to develop in 2015, focusing on improved data encryption; the ability to view  audit trails for configuration management and the secure access of data; and the development of security brokers for cloud access, allowing for user access control as a security enforcement point between a user and  cloud service provider.

2. Mobile Security. As the adoption and standardization of a few select OS platforms grows, the opportunity for an attack also increases. For the past few years we have seen a growth in smartphone malware, increases in mobile phishing attacks and fake apps making their way into app stores. Targeted attacks on mobile payment technologies can also be expected.

In 2015, we will see various solutions introduced to improve mobile protection, including the development of patch management across multiple devices and platforms, the blocking of apps from unknown sources and anti-malware protection.

3. Security in the Software-Defined Data Center. "Software defined" usually refers to the decoupling and abstracting of various infrastructure elements followed by a centralizing of control. Software-defined networking (SDN) and software-defined storage (SDS) are clearly trending and we can expect this to expand in 2015.

While these modular software-defined infrastructures certainly improve operational efficiency, they also create new security risks. The centralized controllers can become a single point of attack and the cost of malicious attacks and user errors is high.

The adoption of this approach may be growing, but it is still not widespread enough to become a common target for hacker attacks in 2015. However, as more companies run SDN and SDS deployments as pilots or proofs of concept, we expect their security concerns will be raised and addressed by the market. Expect more of a focus on security from manufacturers, as well as new solutions from third party vendors.

4. Securing the Internet of Things. The Internet of Things (IoT) universe is expanding and a growing diversity of devices are connecting to the network and/or holding sensitive data. This includes everything from smart TVs and Wi-Fi-connected light bulbs to the adoption of standard Internet Protocols in complex industrial operational technology systems.

The IoT is likely to play a more significant role in business innovation in 2015 and beyond. The devices and systems that connect to it, meanwhile, require proper management, as well as security policies and provisions. The security ecosystem that has not yet formed around many of these devices will continue to develop.

We do not expect attacks on the IoT to become widespread in 2015. Most attacks are likely to be "whitehat" hacks to report vulnerabilities and proof of concept exploits. That being said, sophisticated targeted attacks may go beyond traditional network and PCs, depending on the nature of the victim's specific business processes and connected devices.

5. Next Generation Security Platforms. In 2015 and beyond, we predict that there will be more vendors in the information security industry talking about integration, security analytics and the leveraging of big data.

With data coming from more and more sources today, big data and analytics are starting to play a crucial role in IT security, prompting many organizations to change their approach to this issue. Security analytics platforms have to take into account the various internal data sources as well as the external feeds, such as online reputation services and third party threat intelligence feeds.

The role of context and risk assessment will also become more important. The focus of defense systems becomes more about minimizing attack surfaces, isolating and segmenting the infrastructure to reduce potential damage and identifying the most business-critical components to protect.

Looking back at previous years, which were full of unprecedented security incidents, new security challenges will, unfortunately, continue to arise. IT professionals should be armed with mission-critical information on what security threats they might face and be prepared to defend against them in advance.


About the Author

Michael Fimin is an accomplished expert in information security, CEO and co-founder of Netwrix, the #1 provider of change and configuration auditing solutions.

Netwrix delivers complete visibility into who did what, when and where across the entire IT infrastructure.

Published Tuesday, December 16, 2014 8:03 AM by David Marshall
@VMblog - (Author's Link) - February 10, 2015 6:57 AM

Once again, how great is it to be a part of the virtualization and cloud industries? 2014 was another banner year, and we witnessed a number of fantastic technologies take shape and skyrocket. And I, along with many industry experts and executives, media

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2014>