Zach Malone is a security engineer for FireMon.
Cybersecurity in 2018 can be best described in one word: complex. Yes, complexity has infiltrated every phase of the cybersecurity landscape this year, from bloated and expensive IT infrastructures, to sophisticated cyber-attack methods, to complicated compliance mandates. This complexity epidemic has caused countless data breaches, exacerbated the cybersecurity skills shortage, and left organizations of all sizes struggling with ineffective security programs.
It’s time we right the ship that has been taking on water for years. And I believe 2019 will be the year that cloud providers, security vendors and organizations will all make great strides toward simplifying, yet strengthening, security. Here are three predictions detailing how this will unfold in the New Year:
1. Cloud providers will adopt a “security by default” approach to reduce user error.
In 2018, cloud providers provided tools to secure their infrastructure, and vendors provided tools to secure their products. But there were two problems: lack of an instruction manual, and access defaults set to “wide open.” As a result, as more and more organizations moved data, services and workflows to the cloud, configuration errors emerged as the leading cause of cloud breaches.
Configuration errors typically happen in one of two ways: misconfigured cloud-native security controls due to the data owner’s lack of knowledge about how to use them properly; and misconfigured internal enterprise security controls, which is common when product and DevOps teams prioritize time-to-market over security.
Cloud providers are starting to take steps toward providing users with a deeper understanding of their offerings and related security controls. And, in 2019, we’ll also see them implement a “security by default” approach, in which they take the security controls already built into their platforms and ensure they are “on by default.” Simplifying security in this way should reduce human error, along with associated vulnerabilities and gaps in security defenses.
2. Organizations will return to security basics.
In a threat landscape dominated by sophisticated cyber-criminals, advanced malware and an ever-expanding attack surface, many companies have become so overwhelmed with cybersecurity that they are dazed into inaction. Other organizations knowingly opt to risk a data breach or compliance fine rather than put proper security defenses in place, because of the associated complexity and costs. And in other cases, companies have security programs in place, but the complexity of their infrastructure creates vulnerabilities and security gaps that actually introduce risk, rather than mitigate it.
The key to overcoming any of these situations is to start simple. In 2019, we’ll see organizations prioritize policies and processes that focus on the tried-and-true basics, such as “AAA”: Authentication (think user directory and multi-factor authentication); Authorization, which handles the permissions a user should have once authenticated; and Accounting, which watches the user’s account and verifies its integrity against internal and external changes.
3. Companies will favor all-in-one security devices over standalone point products.
Most organizations have overbought security technology, resulting in a cacophony of tools that are ineffective or redundant. Realizing this isn’t the best approach for security or the business, in 2019, we’ll see organizations move to simplify their security infrastructures by replacing endless point solutions with the optimal mix of multi-function security tools and services.
From a vendor perspective, this means that point solutions will continue to evolve into multi-purpose devices. Firewalls are a great example of this progression. The traditional firewall was designed with a singular focus: to protect a company’s assets from the outside world. However, thanks to cloud computing, virtualized application deployments, containerization of applications and other new technologies made possible by digital transformation, a concrete corporate perimeter no longer exists, and firewalls have had to adjust, both in purpose and technology.
Today’s next-gen firewalls are now responsible for providing organizations with visibility into and control over hybrid environments, automating change and policy management, and ensuring continuous compliance, among a host of other responsibilities. Contrary to what many may think, firewalls are not dead – but they have changed.
Cyber-crime attacks are getting more frequent and more effective. To gain the upper hand over malicious actors, we must replace security complexity with a simplified, streamlined approach to infrastructure and operations. Only then can we make cybersecurity programs simpler, stronger and more effective at reducing risk.