Virtualization Technology News and Information
Qualys 2020 Predictions: Security in 2020 - what will the future hold when everything changes all the time?

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual VMblog.com series exclusive.

By Marco Rottigni, Chief Technical Security Officer EMEA, Qualys

Security in 2020 - what will the future hold when everything changes all the time?

IT used to be solid. Dependable. Unchanging. You bought servers and operating systems, and they would run consistently in your data centre for years before being decommissioned. Around this, you would have a security team dedicated to keeping that infrastructure protected and free from risk. 

Today, the only thing that is the same is the risk. Hacks still happen, software vulnerabilities get discovered and patches have to be applied, but the pace of change around security has gone up so much that the old processes are no longer enough. At the same time, cloud and container deployments can change at any time based on demand for those applications and services. So how will security have to change in 2020 to keep up?

Prediction #1 - IT changes all the time ... security will have to change in order to keep up

More companies are using containers to deploy applications, either on their internal IT or in the cloud. Containers can scale up application services quickly, while orchestration tools like Kubernetes can automate this process for you.

From a security perspective, knowing about this scale is essential. If you have a problem in part of your cloud infrastructure, and that gets scaled up to more images, then the problem is much worse. However, many security teams may not be aware of these changes taking place.

In 2020, there will be more emphasis on real-time updates around any assets that are getting created. The alternative is that images are getting created, used and then deleted without the security team even being aware that these assets exist. That is a potentially frightening thought, and one that should lead to more changes in 2020.

Prediction #2 - Digital biodiversity will force teams to deal with different work paces

There are so many different platforms in place within enterprises and each of them has to be kept secure. However, they all live at their own pace. From the traditional and legacy IT assets that move as fast as sloths through to the hummingbird pace of cloud, each platform will change in its own way over time.

To cope with this, IT teams can split their resources and assign some to work on the tried and trusted platforms while others handle the new and exciting ones. The risk with this is that it effectively creates an "us and them" dynamic within the team, at the very time when you want people to be helping each other. Instead, more teams will need to adopt holistic IT security practices where the cadence for change is part of the planning process.

Getting insight into these changes will be necessary, so planning ahead around patch windows and major events should happen early. This will help teams prioritise and plan ahead, regardless of whether a change comes in suddenly or not.

Prediction #3 - Shared responsibility for cloud still needs to be understood

Cloud deployments are getting more and more popular. Providers like Google Cloud Platform, Microsoft Azure and Amazon Web Services all offer a range of options for hosting, managing and implementing applications. Companies are also looking at multi-cloud and running across different cloud services where locations are available.

All this depends on the IT security and cloud provider teams working together effectively. However, that is not always the case. While the cloud providers are clear on what they are responsible for, there have been many cases where assumptions have been made and security flaws discovered. Poor database deployments or use of insecure storage with default configurations have been the most common culprits.

Next year, these issues will continue as developers rush to get their applications finished or miss out on working with IT security teams when moving services into production. To avoid this, companies will have to take more responsibility for their deployments. Educating developers is part of this, but building better DevOps processes that incorporate security tools into the release workflow will be just as important. This will make security "business as usual" rather than an additional headache.

Prediction #4 - More security purchases will be by DevOps, not IT security

Traditional IT security sales were made by specialists to other specialists. This meant that the CISO was the arbiter of who a company would work with and how these solutions would be managed.

In 2020, this will change. Rather than security being solely the preserve of the IT security team, the DevOps team will be responsible for purchases or hugely influential on what gets implemented. When companies work around a CI/CD pipeline, the DevOps team is the new buyer that has to be impressed.

What does this "inside baseball" prediction mean for the future? It means that the companies that used to lead security markets will no longer do so. DevOps teams - and developers in particular - are interested in working with companies that understand their requirements and ways of working. This will lead to some big upsets and changes in who holds the balance of power within the organisation when it comes to budget.

DevOps teams measure success in terms of agility, velocity and the ability to embrace variance. They do not separate the cloud from traditional data centre deployments, and instead they go hybrid all the time. This will lead to some of today's security leaders making big acquisitions to try and remain current, while upstarts in the sector will grow rapidly.

Prediction #5 - Vulnerability detection will move to real-time, not scheduled

Traditionally, vulnerability management programmes ran to schedules. You knew that Microsoft would release patches once a month, as would Adobe. Oracle would release patches once per quarter. Managing these would sort out the majority of problems. Looking for vulnerable software could be scheduled around these updates.

However, today's issues are getting exploited faster than traditional patching schedules can cope with. The sheer variety of platforms in place means that changes can affect multiple systems running in different places. New technologies like cloud and containers can run intermittently, getting missed by scheduled scans. For 2020, more companies will have to move over to real-time vulnerability scanning, looking for issues as they occur.

This change relies on following a process based on UDR - Understand, Detect, Respond. Understand involves getting data on all the IT assets that you have, from cloud and containers through to traditional endpoints, mobile devices and web applications. Detect covers how to find anomalies, known and unknown - the important thing here is the quality of your data, so that you can understand the event, trust the alert and prioritise the reaction. Respond covers how quickly you can fix the issue to mitigate any potential damage, reduce stress on your team and avoid any impact on productivity.

Prediction #6 - Integration and orchestration will become critical for security teams

Teams are implementing Kubernetes and software containers to improve their processes and deploy software more quickly. However, security teams are finding it difficult to keep up with these new processes and products entering the enterprise. While Kubernetes helps application teams automate and orchestrate their services, the security team has to take the same approach.

In 2020, security teams will look to learn from DevOps teams around how they achieved their results and what changes were needed. At the same time, they will be looking to recruit more people with skills and understanding in building integrations and automated processes too. Security Operations Centres in particular will want to automate processes around data where they can, making existing staff more productive and helping those team members focus on more high-value tasks.

##

About the Author

Marco Rottigni 

Marco is a results-driven professional with nearly 30 years' experience in IT and 20 years in IT security. Joining Qualys in 2018 as Chief Technical Security Officer EMEA, Marco's responsibility is to deliver the company's technical vision, advantages and competitive differentiators. Previously, he has worked for companies such as Esker, SCO, Stonesoft, McAfee and FireEye, and managed many European teams and projects. He is on Twitter at @roarinpenguin. Link: https://www.qualys.com

Published Tuesday, December 17, 2019 7:29 AM by David Marshall