With 2017 in full swing, it is hard to ignore the impact that digital transformation has on today's businesses. Across the globe, companies of all sizes are transforming their processes, workflows, and cultures in favor of digital interaction. Some examples:
Small - Midsize Businesses
- Selling products and services online
- Creating mobile-friendly loyalty program and coupon apps
- Migrating from on-premises solutions to Software-as-a-Service
- Adopting an internal collaboration process to share ideas, expertise, and accomplishments
- Adopting a cloud platform to handle pricing, quotes, orders, and any other piece of the sales process
- Automating a quality assurance or testing program
- Personalizing the customer experience with big data input and analysis
- Leveraging the Internet of Things to connect to consumer or commercial devices
You can probably imagine dozens of scenarios not listed above, and perhaps pull a few examples from your smart phone right now. This digital transformation is driving the expansion of three key trends for business: 1) accelerated cloud adoption, 2) increased application and network dispersion, and 3) an order of magnitude increase in attacks along all threat vectors.
Accelerated Cloud Adoption
Many companies are embracing a cloud-first approach for new application development. In other words, companies are looking to cloud-based solutions to address business problems, rather than deploy the solutions within their on-premises data center. We know that some companies will stay away from the cloud due to compliance issues, concerns about privacy, or internal decisions based on strategy or data control. The on-premises data center isn't going anywhere, but cloud adoption continues to expand rapidly.
What does this mean for businesses over the next year?
One of biggest challenges for IT staff and CIOs is to figure out how to leverage the benefits of the cloud while protecting the concerns addressed by the private on-premises data center. Hybrid cloud adoption is a popular strategy, and often looks something like this:
- Leveraging financial and order processing systems on-premises while using Salesforce and similar cloud based applications
- Using an on-premises Exchange Server for some users while others are leveraging Office365.
- Integrated back-end systems located in on-premise data centers with applications hosted in Microsoft Azure or AWS
- Archiving Office 365 cloud mailboxes with an on-premises message archiver
- Processing big data in a public cloud-based application and keeping the data on premises
As these scenarios become the norm, we see the challenge to ensure optimized traffic management for branch-to-cloud access and hybrid cloud traffic, which we discuss in the next section.
Increased Application and Network Dispersion
Last year we discussed dispersion and the role it plays in driving technology. At that time, we talked about how the growth in the number of branch offices and microsites has forced businesses to extend their security posture and quality of service that's at the main office to these dispersed locations and resources. We expect this trend to continue to increase over the next year. Dispersion impacts a company's IT strategy in several ways:
- Intelligent Perimeter: The traditional network perimeter has been replaced by an intelligent perimeter that includes multiple firewalls throughout the network. This perimeter requires remote monitoring, centralized monitoring, and centralized management.
- Remote Site QoS: With the increasing adoption of SaaS applications like Salesforce and Microsoft Office 365, the practice of backhauling Internet traffic to a central site is no longer necessary or practical. Branch offices need their own Internet connection with Quality of Service that optimizes connectivity for mission critical SaaS applications and VoIP systems.
Dispersion isn't just a matter of central and branch offices; it also encompasses mobile and remote users. Project Managers who supervise work in the field may need access to Microsoft Project in the cloud, or a line of business application that's hosted at the central office. IT Managers need to securely enable this type of access in a reliable and cost effective way:
- Simplified VPN: While SaaS applications like Microsoft Office 365 may reduce the need to connect to internal resources, there are still scenarios where remote workers need to access something inside the business network. A corporate VPN solution that meets their needs without contributing to 'security fatigue' is the right choice. The solution should be easy to use, flexible, and ideally include intelligent traffic routing to ensure key services receive priority resource. Legacy VPN mesh solutions that take months to get “just right” and are brittle are a challenge. Modern VPNs are simple and user friendly, and they can protect company resources while contributing to the company's overall business strategy.
- Endpoint and Mobility: The business endpoint has evolved from simple workstations like desktops and thin clients, to include tablets, phones, TVs, and many more devices that are owned by employees, or are simply connected to the company at some point. Each device is a potential target for attack. Security and visibility must extend to all endpoints, including those that are mobile and frequently change due to BYOD policies.
There are several traditional threat vectors, including network, email, web applications, users, mobile, and remote access. These vectors continue to be primary targets, but we also see the emergence of new threat vectors associated with the Internet of Things. Companies must continue to focus resources on traditional threat vectors, as well as harden endpoints and identity management.
The IT security industry has been adapting and anticipating new threats at an unprecedented rate. The most costly and widely discussed threats include the following:
- Zero-day attacks: Also known as zero-hour attacks, these threats create a high risk situation where attackers attempt to exploit software vulnerabilities before the public is aware that the vulnerabilities exist. The software manufacturer then has "zero days" in which to issue a patch to fix the vulnerabilities.
- Phishing: A criminal disguises himself as a trustworthy entity in order to obtain sensitive information, such as payroll records, login credentials, or credit card details. Phishing attacks continue to increase and are becoming more sophisticated as attackers often look for the ‘weakest link' which means everyone is a target.
- Ransomware: Ransomware quickly catapulted as one of the most talked about threats in 2016, and evidence shows that it isn't slowing down any time soon. Ransomware attacks include malicious software that prevents access to data or systems until a ransom is paid to the attacker.
- Social engineering: Attackers attempt to manipulate people into divulging sensitive information or performing actions that will bypass security processes. Social engineering is based on the concept that the victim is the weakest link, and the easiest way to infiltrate an organization. One example of successful social engineering is a victim being convinced to disable endpoint security in order to install an exploit kit from a compromised website.
To defend against these ever-changing methods of attack, the security community must remain vigilant, proactive and aggressive in developing advanced security capabilities. These technologies will continue to improve and must become more affordable and accessible to even the smallest of companies.
- Client fingerprinting: Also known as device fingerprinting, client fingerprinting is a stateless process that allows a system to identify a remote (client) device by the unique data set collected through the connection. Fingerprinting does not depend on the traditional Internet cookie. Fingerprinting is used extensively in security measures like DDoS defense, where it allows a system to distinguish between real users and botnets.
- Microservices: The use of microservices enables larger applications to be broken down into smaller discrete functions, which allows teams to more efficiently deliver these services across multiple security solutions. Rather than duplicating certain features in multiple deployments, these microservices can communicate with all of the deployed solutions. This architecture is often more affordable and requires less overhead.
- Defense in-depth: Also known as a multi-layered defense, a defense-in-depth approach layers multiple security solutions at various threat vectors. This strategy provides a more complex defense system and is more difficult for an attacker to penetrate than a single barrier. This approach might include ensuring up-to-date solutions are in place at the email security gateway, network perimeter, and across Internet-facing applications.
- Human Firewalls: Constant vigilance in provide education to customers and users on the cyber security risks is an important strategy in addressing what is sometimes the weakest link in our defense strategy, people. New security offerings that integrate on-demand training for users that behave in risky ways (constantly clicking links in emails) help ensure that people are constantly aware of how malicious attacks can happen.
- Machine learning: Machine learning is a type of artificial intelligence that allows computers to find patterns and other insights that are relevant to threat identification. Machine learning makes it possible for security systems to respond more quickly to previously unseen threats.
What does this mean for threat protection over the next year?There is simply no way for an organization to anticipate every specific threat. At the same time, as the IT security industry continues to evolve available solutions to defend the various threat vectors, organizations must review and implement solutions in a way that provides maximum protection for their individual environment. Smarter and adaptive threats will find their way past some barriers, so the best defense is one that is deployed in multiple layers with communication between solutions. The random and automated nature of attacks means that SMBs today are facing the same threats that larger enterprises face, yet they often do so with limited time and resources. As a result, intelligent and powerful security solutions will continue to be more accessible to smaller customers.