Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Sam Elliott, director of security product management at Bomgar
IoT, AI, Cloud and Beyond
Today's business and security landscapes have changed over
the years, especially in the wake of countless data breaches. We've gone from
one device per user to four or five devices per user, multi-cloud environments
and a diversity of security threats that includes intractable malware,
malicious insiders, compromised privileged accounts and ransomware. It's no secret that organizations need to get
serious about security, but that's not always the case.
Productivity concerns are a key reason many companies are
hesitant to invest in new security solutions. After all, if security tools
impede workflow, adoption will be low and employees, vendors and other external
parties might embrace a workaround that in turn introduces new security
vulnerabilities into the organization. Achieving that balance between security
and productivity is still the ultimate goal of most organizations.
With that said, below are six security concepts to keep in
mind entering 2018:
Security software to mitigate bad user behavior, talent
shortage
Security professionals tend to think about the "latest and
greatest" and the next big thing, such as how AI will be the next great tool in
security. But hackers are beating defenses with basic tradecraft. It's usually
not anywhere near the level of sophistication one might think. The challenge
companies face is getting security in place that is useful and helps people do
their jobs, but keeps bad user behavior from being a persistent threat. Also,
the cybersecurity talent shortage is becoming a real issue - there is no simple
answer except greater reliance on security software.
Security Complications of the IoT
The IoT is going to continue to be a security risk as
threats grow in size and scope. Even as businesses become more aware of
security risks, and developers try to work harder to secure connections, in
many cases security isn't a consideration at all, or it's only added at the
end. When a botnet occurs, such as the Reaper botnet, it's extremely difficult
to ascertain how widespread it is, or the motivations, or what has already been
affected. Things like smart toys and the next cool, connected thing are making
this scenario more complicated.
Risk Assessment Before Advancements
Businesses can't begin the conversation of what data and
systems to prioritize until a risk assessment on gaps and openings from an
attack vector standpoint is conducted. Rather than going after the new, shiny
security tool, companies should focus on the basics of good enterprise
credential hygiene and best practices of access controls.
AI Distractions
AI has its place in sifting through the data, making sense
of all the false positives, and surfacing the real, meaningful alerts so that a
human can do something about it. While AI will gain more importance moving
forward, right now it can be a distraction. There are other things that
probably take precedence over seeking out AI-assisted threat intelligence.
Cloud Growth, Same Nagging Security Concerns
Cloud growth really depends on the type of system that's in
the cloud. While many companies are resistant to put passwords and credentials
in the cloud, other security necessities with data that is less critical are
already shifting there. In the year ahead, expect more of these shifts to take
place, understanding that there is still a way to go before all applications
are based in the cloud.
The Future of Work & IT Operations
In 2018, there will be an evolution toward the "managed
security as a service" provider. More companies are looking to outsource how
they acquire and manage security solutions, and managed security service
providers can help ensure the right tools and technologies are in place to
mitigate insider threats, control access and minimize external threat actors.
It's important to be not only knowledgeable but sensible
about your IT environment, your risk profile and your privileged access needs
to have a handle on the ever-changing security landscape. To deploy security
solutions that are well-suited for customers' needs, organizations must
consider the above concepts for a successful defense-in-depth strategy to help
protect themselves against cybersecurity threats.
##
About the Author
At Bomgar, Sam Elliott leads a team of product managers
responsible for developing strategy and defining, managing and launching new
cybersecurity product suites and offerings. Previously, Elliott held similar
positions at BMC Software and Numara Software. He can be found on Twitter
@samelliott.