Virtualization Technology News and Information
Checkmarx 2021 Predictions: Digital Transformation Sparks the Evolution of Software Security


Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

Digital Transformation Sparks the Evolution of Software Security

By Erez Yalon, Director of Research, Checkmarx

In 2020, the world experienced a rapid and widespread digital shift as the workforce moved from the office to home. Naturally, organizations shifted to cloud-based technologies to support operations and productivity. Although convenient, this shift has added a significant layer of complexity to software security. Additionally, all of our IoT devices that connect to the cloud now serve as new entry points for malicious actors, especially older, outdated models with unpatched software.

As we look to next year, we'll see an evolution of software security to support cloud native environments, especially as it relates to API authentication and authorization processes. IoT device security, although becoming more regulated, will also continue to be vulnerable to attacks and privacy issues. Let's explore further.

1.  Cloud native security will take center stage

API has been the buzzword when it comes to modern software development and security. But if 2020 was the year of the API, 2021 will be the year where cloud native security steals the spotlight. APIs play a major role in cloud native security, but the focus will turn to how cloud-based technologies continue to proliferate and increase in adoption across organizations. Securing the resulting ecosystems of interconnected cloud-based solutions must become a priority. 

In its current state, widespread understanding of cloud native security is still in its infancy. APIs, containers, and orchestration tools are now commonplace in software development, and organizations have been working hard to increase the connectivity between the different tools they have employed to boost efficiency and productivity. But at each point of connection there is risk of a vulnerability that could lead to a breach. In 2021, we will see organizations come to grips with this reality of software complexity and take steps toward protecting themselves.

2.  Vulnerable APIs will be most responsible for software and application-related breaches

While awareness around API security has improved over the past few years, we can still predict that APIs will remain a top, if not the top, attack vector for adversaries in 2021. While APIs have become a convenient way for developers to build and run more complex web applications, issues like access control pose a challenge to developers as accounting for and eliminating these vulnerabilities is still a difficult task with few easy solutions.

As malicious actors continue to ramp up their API-targeted attacks and organizations play catch-up in their understanding of how these programs can be exploited, adversaries will capitalize on this gap in the near term, forcing developers to quickly identify ways to better secure API authentication and authorization processes.

3.  Some progress on IoT security, but still ground to cover

We still have a lot of ground to cover with IoT security come 2021. The industry has taken steps in the right direction, such as the U.S. government passing a bill on IoT security for agencies, but the issue continues to reside in the lack of action on the part of consumers and manufacturers. Until consumers put real pressure on their governments and manufacturers for improved security in IoT devices, or manufacturers take greater responsibility for securing IoT products, security will be a continuing cause for concern.

4.  Legacy IoT devices will render consumers particularly vulnerable

One other area I'll be paying close attention to in 2021 is older models of IoT devices still being deployed and active in corporate and personal environments. Over the past few years in particular, we've seen an explosion in connected devices, so much so that our lives are inundated with them. We've grown accustomed to having IoT devices operate in the background without thinking twice about replacing, upgrading, or scrapping them altogether.

As these gadgets grow older but remain in use, many manufacturers have stopped supporting them with software updates and patches as they prioritize newer models, making the older devices prime targets for malicious actors looking for easy access points. As time moves on, vulnerabilities in these now outdated products will be discovered and exploited. As the saying goes, eventually "everything old becomes new again," which rings especially true for hackers.


About the Author

Erez Yalon 

Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table. Erez is responsible for maintaining Checkmarx's top-notch vulnerability detection technology, where his previous development experience with a variety of coding languages comes into play.

Published Wednesday, December 30, 2020 7:29 AM by David Marshall