Virtualization Technology News and Information
Article
RSS
Bomgar 2018 Predictions: IoT, AI, Cloud and Beyond

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual VMblog.com series exclusive.

Contributed by Sam Elliott, director of security product management at Bomgar

IoT, AI, Cloud and Beyond

Today's business and security landscapes have changed over the years, especially in the wake of countless data breaches. We've gone from one device per user to four or five devices per user, multi-cloud environments and a diversity of security threats that includes intractable malware, malicious insiders, compromised privileged accounts and ransomware.  It's no secret that organizations need to get serious about security, but that's not always the case.

Productivity concerns are a key reason many companies are hesitant to invest in new security solutions. After all, if security tools impede workflow, adoption will be low and employees, vendors and other external parties might embrace a workaround that in turn introduces new security vulnerabilities into the organization. Achieving that balance between security and productivity is still the ultimate goal of most organizations.

With that said, below are six security concepts to keep in mind entering 2018:

Security software to mitigate bad user behavior, talent shortage

Security professionals tend to think about the "latest and greatest" and the next big thing, such as how AI will be the next great tool in security. But hackers are beating defenses with basic tradecraft. It's usually not anywhere near the level of sophistication one might think. The challenge companies face is getting security in place that is useful and helps people do their jobs, but keeps bad user behavior from being a persistent threat. Also, the cybersecurity talent shortage is becoming a real issue - there is no simple answer except greater reliance on security software.

Security Complications of the IoT

The IoT is going to continue to be a security risk as threats grow in size and scope. Even as businesses become more aware of security risks, and developers try to work harder to secure connections, in many cases security isn't a consideration at all, or it's only added at the end. When a botnet occurs, such as the Reaper botnet, it's extremely difficult to ascertain how widespread it is, or the motivations, or what has already been affected. Things like smart toys and the next cool, connected thing are making this scenario more complicated.

Risk Assessment Before Advancements  

Businesses can't begin the conversation of what data and systems to prioritize until a risk assessment on gaps and openings from an attack vector standpoint is conducted. Rather than going after the new, shiny security tool, companies should focus on the basics of good enterprise credential hygiene and best practices of access controls.

AI Distractions

AI has its place in sifting through the data, making sense of all the false positives, and surfacing the real, meaningful alerts so that a human can do something about it. While AI will gain more importance moving forward, right now it can be a distraction. There are other things that probably take precedence over seeking out AI-assisted threat intelligence.

Cloud Growth, Same Nagging Security Concerns

Cloud growth really depends on the type of system that's in the cloud. While many companies are resistant to put passwords and credentials in the cloud, other security necessities with data that is less critical are already shifting there. In the year ahead, expect more of these shifts to take place, understanding that there is still a way to go before all applications are based in the cloud.

The Future of Work & IT Operations

In 2018, there will be an evolution toward the "managed security as a service" provider. More companies are looking to outsource how they acquire and manage security solutions, and managed security service providers can help ensure the right tools and technologies are in place to mitigate insider threats, control access and minimize external threat actors.

It's important to be not only knowledgeable but sensible about your IT environment, your risk profile and your privileged access needs to have a handle on the ever-changing security landscape. To deploy security solutions that are well-suited for customers' needs, organizations must consider the above concepts for a successful defense-in-depth strategy to help protect themselves against cybersecurity threats.

##

About the Author

Sam-Elliott 

At Bomgar, Sam Elliott leads a team of product managers responsible for developing strategy and defining, managing and launching new cybersecurity product suites and offerings. Previously, Elliott held similar positions at BMC Software and Numara Software. He can be found on Twitter @samelliott. 

Published Wednesday, December 27, 2017 8:01 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2017>
SuMoTuWeThFrSa
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456