Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by John Morello, Chief Technology Officer at Twistlock
Security as a Primary Focus
From political scandals to the Equifax breach and WannaCry hack, no industry was left unscathed by hackers on a mission in 2017. There's no doubt that security was top of mind for all organizations this year - if it wasn't already. In 2018, companies will rethink their security strategy and implement new tactics and measures in order to better protect themselves. There are many ways this will happen, but my bet is machine learning will have a stronger role in security tools, while IT teams shift their focus to better manage automated systems.
Machine learning will play a critical role
With the expansion of DevOps and microservices, today's software is divided and packaged into much smaller entities - resulting in less complex entities, but more of them, than before. With more entities, it's difficult to rely solely on manual security configuration, and automation must be introduced. However, the fact that each entity is simple makes it possible to effectively learn and enforce its behavior, creating stronger protection than before. The latest machine learning techniques make it possible to automatically create tight and customized behavioral protection around each microservice. In 2018, better learning in security tools and services will help companies scale security more efficiently.
Companies will rethink management of automated systems
Throughout the past year, we've seen that the biggest threats are less about technical defects and vulnerabilities, and more about the challenges organizations face in managing increasingly large, sophisticated, but non-automated systems. As organizations across all industries and sizes become more software oriented, their security tools and practices are struggling to keep up with new platforms' rapid pace of change. CISOs are getting pulled in two opposing directions: don't slow down the innovation in the business, but provide security across a constantly shifting baseline. It's difficult to excel in both simultaneously. In 2018, IT teams will be required to rethink the way they build and operate security organizations and the staff they hire, to have more depth on automating security practices.
Hacking public opinion is officially a thing
Threat actors that target manipulation of societies and communities of interest at the national and international levels will be more prevalent in 2018. This became common and persistent in the US during 2016 and 2017, and other governments and citizenries around the world are likely to be similarly affected next year. Further, cyberhacking terrorist activities will likely drive governments around the world to seek more surveillance capabilities, which could further clash with privacy advocates. The debate between government surveillance and privacy will reach new heights, prompting tech companies to increasingly take clear positions in the debate on how they build their products.
Shift left will persist
Continuing the 'shift left' of security responsibility, adoption of DevSecOps practices will be critical for organizations looking to avoid breaches of the Equifax scale in 2018. It's no longer enough to have a siloed security team trying to catalog and prevent known threats. Applications must be built with security in mind, and to do this, development teams need to be given the tools, information and training that allow them to address risks before code is deployed. These DevOps pipelines will increasingly include security as a mandatory component prior to deployment, meaning developers will need to be progressively conscious of how responsive the projects and companies they build on are to security vulnerabilities.
##
About the Author
John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years at Microsoft, in both Microsoft Consulting Services and product teams. He ran feature teams that shipped security technologies in Windows, Azure, and Office 365 and served as the Lead Architect of the hybrid cloud consulting team for the Americas. John lives in Louisiana with his wife and two young sons. A passionate fisherman and scuba diver, he also serves as Chairman of the Coalition to Restore Coastal Louisiana.