10 December 2014 – As the complexity and diversity of devices, platforms and modes of interaction advance, so do the associated risks from malicious individuals, criminal organisations and states that wish to exploit technology for their own purposes. Below, Michael Fimin, CEO at Netwrix provides his major observations of IT security trends and the most crucial areas to keep watch over in 2015:
Many individuals and enterprises are already using cloud technologies to store sensitive information and perform business-critical tasks. In response to security concerns, cloud technologies will continue to develop in 2015, focusing on improved data encryption; the ability to view audit trails for configuration management and secure access of data; and the development of security brokers for cloud access, allowing for user access control as a security enforcement point between a user and cloud service provider.
As the adoption and standardisation of a few select mobile OS platforms grows, the opportunity for attack also increases. We can expect to see further growth in smartphone malware, increases in mobile phishing attacks and fake apps making their way into app stores. Targeted attacks on mobile payment technologies can also be expected. In response, 2015 will see various solutions introduced to improve mobile protection, including the development of patch management across multiple devices and platforms, the blocking of apps from unknown sources and anti-malware protection.
Software defined data centre
’Software defined’ usually refers to the decoupling and abstracting of infrastructure elements followed by a centralised control. Software defined networking (SDN) and software defined storage (SDS) are clearly trending and we can expect this to expand in 2015. But while these modular software defined infrastructures improve operational efficiency, they also create new security risks. In particular, centralised controllers can become a single point of attack. While the adoption of this approach is not widespread enough to become a common target for attacks, as more companies run SDN and SDS pilots in 2015, we expect their security concerns will be raised. This will result in more of a focus on security from manufacturers, as well as new solutions from third party vendors.
Internet of Things
The Internet of Things (IoT) universe is expanding with a growing diversity of devices connecting to the network and/or holding sensitive data – from smart TVs and Wi-Fi-connected light bulbs to complex industrial operational technology systems.
With the IoT likely to play a more significant role in 2015 and beyond, devices and systems require proper management, as well as security policies and provisions. While the IoT security ecosystem has not yet developed, we do not expect attacks on the IoT to become widespread in 2015.
Most attacks are likely to be ’whitehat’ hacks to report vulnerabilities and proof of concept exploits. That being said, sophisticated targeted attacks may go beyond traditional networks and PCs.
Next generation security platforms
In 2015 and beyond, we can expect to see more vendors in the information security industry talking about integration, security analytics and the leveraging of big data. Security analytics platforms have to take into account more internal data sources as well as the external feeds, such as online reputation services and third party threat intelligence feeds. The role of context and risk assessment will also become more important. The focus of defence systems becomes more about minimising attack surfaces, isolating and segmenting the infrastructure to reduce potential damage and identifying the most business-critical components to protect.
Looking back at previous years, new security challenges will continue to arise, so IT professionals should be armed with mission-critical information and be prepared to defend against them.