Virtualization Technology News and Information
Signal Sciences 2018 Predictions: Security Spend Will Shift from Infrastructure to Applications

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018. Read them in this 10th annual series exclusive.

Contributed by Tyler Shields, Vice President of Marketing, Strategy & Partnerships, Signal Sciences

Security Spend Will Shift from Infrastructure to Applications

In the new year, risk will continue to shift from infrastructure to the application layer. Web apps have evolved from providing a marketing and information channel ten years ago to being the primary way in which businesses interact with their customers. Now, the product itself is online, including all of its code and customer data, making web, cloud, and mobile apps a company's largest digital asset. That also makes those assets an increasingly appealing target for hackers.

That is why leading-edge security organizations are moving towards perimeter-less security and changing how they allocate their budget. The shift to the cloud will continue to gain momentum as a major trend in 2018, forcing both attackers and security organizations to adjust. Enterprise security programs must move from a focus on perimeter protection and defense to application layer defenses. Security spend will slow for network infrastructure technology and be reallocated to the application layer to match the modern threat.

Attackers previously targeted the perimeter of an organization where the servers sat, compromised the infrastructure, and eventually moved laterally to internal systems. In a modern architecture, cloud has negated this common threat model. The applications, and the sensitive data within, are now designed as self-protecting, isolated islands of security and hosted in cloud infrastructures. The perimeter has shrunk to the individual application, causing attackers to adjust their methodologies. Most major compromises are now targeted at the application itself and the data within, via the web application, the API, or even microservices.

The attack patterns have also greatly expanded and will continue to do so in the years to come. Application security efforts have traditionally focused on threats like SQL injection and cross-site scripting (XSS) attacks. Beyond these OWASP injection issues, modern threats now include attacks such as account takeover, business logic abuse, API misuse, bots, and application-level DDoS.

It's critical to adapt not only how we think about defending applications that change so rapidly, but also how we defend them across all of the modern threats. Attackers have shifted their methodologies to match the modern design paradigms, and enterprises must shift their security programs to match these changes.

According to Gartner, worldwide enterprise security spending is estimated to total $96.3 billion in 2018, an increase of 8% from 2017. Expect a healthy percentage of that budget to go to application layer and endpoint defenses that support modern infrastructure and application decisions.


About the Author

Tyler Shields is Vice President of Marketing, Strategy & Partnerships at Signal Sciences. Previously, Tyler was a distinguished industry analyst at Forrester Research where he covered all things application, mobile and IoT security. Follow him @txs @signalsciences 

Published Tuesday, January 09, 2018 7:32 AM by David Marshall