Virtualization Technology News and Information
Menlo Security 2016 Predictions: Partnerships, Improved Security Delivery, UX Overhauls and a Widening Skills Gap

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual series exclusive.

Contributed by Kowsik Guruswamy, CTO of Menlo Security

Partnerships, Improved Security Delivery, UX Overhauls and a Widening Skills Gap

If 2014 was coined the year of the "mega-breach," then 2015 must be considered the year of the "colossal-breach." Beginning with the Sony hack in late 2014, 2015 saw hacks and attacks spanning from government entities to Fortune 500 enterprises, all the way down to well-known websites like Forbes. Hackers have continued to become more sophisticated in the way they infiltrate our systems, and for the year to come, security professionals should prepare themselves for more cyber attacks that are harder to detect and more difficult to bounce back from. With every new security measure an enterprise enlists to help defend against attack, hackers will find a way to break through. With more and more of our everyday activity coming online, more of our personal data will be at risk. Because of these industry factors, in 2016 we will begin to see more consolidation and partnerships in the market, companies recruiting new security delivery mechanisms, end-user awareness or "un-awareness", and more alert fatigue for security professionals.

The year of partnerships

Trusted security vendors, many of which are billion-dollar corporations, are becoming victims of their own success and aren't delivering on their promise to protect customers. Threats have reached an unprecedented level of sophistication, spurring enterprises to look elsewhere for security solutions that are developing to outpace the threats. This will drive big security vendors to look elsewhere for innovation and force enterprises to consider start-ups for added security measures. In 2016, we'll see more consolidation in the security market as technology providers strategically partner with security vendors to ensure compatibility and ultimately keep the end user secure. All hands on deck!

Security delivered through the cloud

Gartner predicts that by 2020, 30 percent of global enterprises will have been directly compromised by an independent group of cyber activists or cyber criminals. The security industry is scrambling to find a better way to secure their systems. With the rapid adoption of cloud and virtualization, security technology might finally have an answer. The combination of cloud and virtualization is enabling innovation that we haven't been able to utilize in the past, like Isolation, to get ahead. Cloud and virtualization give businesses the agility and efficiency to instantly roll out new services and expand their security infrastructure on an architectural level. Customers are leveraging these new environments on top of their existing infrastructure, which is now bolstering the case for cloud and virtualization to expand into other facets of the network. This year, more organizations will come to realize the cloud can be used as a delivery mechanism for security, rather than focus on securing it, unlocking benefits never before seen.

End user "un-awareness"

Last year alone, cyber criminals created 317 million new pieces of malware and targeted five out of six large companies for email attacks. While the security technologies in place may not be keeping up with hackers, enterprise employees might be the weakest link. The core of the problem is that most security vendors and practitioners seem to overlook the fact that there are real people browsing the Web and reading emails. So it should come as no surprise that users will come to dislike, and may even take actions to resist and circumvent, any "solution" that's too intrusive, too burdensome to deploy and maintain, or too hard to use. In fact, it seems that the better the protection provided, the more user experience suffers. While we will see an increased spend on IT security education for employees, enterprises will discover this year that the only way to keep users safe is to alleviate the pain points of securing the Web with new UI and UX techniques. Ultimately, people are the weakest links in security, and any product that allows users to do their day jobs without putting up barriers is going to win out.

More security alerts than security professionals

According to a Ponemon Institute research report, organizations waste an average of $1.27 million every year responding to false security alerts. Of the 17,000 malware alerts an organization receives each week, only 3,230 are considered reliable, and only 680 of the alerts are actually investigated. Considering the increase in the amount of malware created daily and the amplified impact of data breaches year over year, security professionals are overwhelmed with the amount of work put in front of them. As security posture becomes a vital part of investment criteria, security professionals have never been more in demand within organizations. Right now, there are more than 150,000 IT security jobs open in the U.S. alone, but there are only about 14,150 computer science university graduates yearly. Even if that entire graduating class were to go directly into IT security professions, that still leaves a deficit of 135,850 open jobs that cannot be filled. In 2016, we expect to see that shortage triple, given the increase in the number of alerts, adding further to the security skills gap. Universities and schools will need to tailor computer science programs to aid those struggling to keep up.


About the Author

Kowsik Guruswamy is CTO of Menlo Security. Previously, he was co-founder and CTO at Mu Dynamics, which pioneered a new way to analyze networked products for security vulnerabilities. Prior to Mu, he was a distinguished engineer at Juniper Networks. Kowsik joined Juniper via the NetScreen/OneSecure acquisition, where he designed and implemented the industry's first IPS. He has more than 15 years of experience in diverse technologies like security, cloud, data visualization, and computer graphics. Kowsik has 18 issued patents and holds an MSCS from University of Louisiana.

Published Monday, November 23, 2015 9:23 AM by David Marshall