Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Bilal Mujahid, chief information security officer at iManage
How Security Threats Will Be Addressed in 2019
Since the dawn of this century,
you have heard a consistent drumbeat: "Make sure your machines are patched", "Make
sure your Wi-Fi is secure", "Make sure you have a firewall on the perimeter of
your network". These were appropriate reactions to security events that made
the news, such as the spectacular Code Red worm (2001), the massive TJ Maxx breach
(2007) and the fast-spreading ILOVEYOU virus (2001).
This later transformed to a mantra
of "buy more technology" - be it Data
Loss Prevention (DLP) software, an Intrusion Detection System (IDS), aWeb
Application Firewall (WAF), Endpoint Detection and Response (EDR) software or Mobile
Device Management (MDM) software. In any case, "buy, buy, buy".
The
security space boomed and sprouted a thousand startups. IT leaders only slowly
realized that it isn't easy to get true value out of all this technology. It
requires specially trained staff to set all these tools up, and another group of
trained staff to operate it daily. As we speak, there are millions of dollars
worth of specialized security software and hardware collecting dust in data
centers around the globe.
And now,
as we enter 2019, here are my predictions on what today's modern enterprises will
do to better govern and secure their critical information in the coming year
and beyond against new and more sophisticated security threats:
-
TRANSITION MORE APPLICATIONS AND SERVICES
TO THE CLOUD: Enterprises,
even vast financial firms with nearly unlimited resources, increasingly realize
that it is incredibly difficult to effectively secure hundreds of heterogeneous
applications and associated infrastructure. A cloud provider has a very
homogenous environment and can inexpensively implement many layers of
protection.
-
ADOPT ZERO-TOUCH MODELS: More enterprises will follow
the lead of modern cloud services providers such as Google, Twitter and Amazon.
Like these firms, they will make application and even infrastructure changes
using a rigorous dev-test-QA-staging model. In addition, the adoption of zero-touch
models where system admins have no direct access to the underlying
infrastructure will greatly increase. No single role or person will have the
ability to affect the security of a system.
-
DEMAND APPLICATIONS THAT ENFORCE
SECURITY THEMSELVES: Enterprises
increasingly expect that their applications be built with security in mind. They
want applications that can detect and respond to unusual activity even when it
looks like an authorized user, provide the ability to wall off sensitive data
while encrypting customer data and enable users to maintain their own security keys.
Rising customer demand for
data security and increasingly strict data privacy regulations make it
essential for enterprises to raise their security and information governance
standards and find the most innovative solutions available for securing and
managing sensitive information. These innovative solutions are out there, so
let's have 2019 be known as the year we work safer, while still working how we
want to work, from any device and any location.
##
About the Author
Bilal Mujahid is the chief information security officer at iManage.