2015 is drawing to a close. For the Security industry, it's been a bittersweet experience. On the one hand, the year was riddled with breaches and data compromise at an epic scale, and the list of attack victims seems to be endless. On the other hand, the demand for, and awareness of, security is rising, essentially assuring that none of us in Security will be out of work anytime soon.
Like any other year, 2016 will bring its own security challenges and opportunities. Here’s our list of 4 predictions for Security in 2016.
Security in DevOps (SecDevOps)
DevOps is fast becoming the way of life for most companies (not only tech companies). DevOps practices are geared towards rapid releases, automated deployments and continuous integration and deployment. Coupled with a massive adoption of Agile methodologies of application development and deployment, DevOps is taking center-stage in the tech scene. However, Security in DevOps is still in its infancy. We see several organizations grappling with the lack of a unified program for Security in DevOps (a.k.a. SecDevOps) and we think this will be a defining change in 2016.
Internet of Things Security (IoT Security)
This has already become a hot topic of discussion. IoT technologies and devices have dominated technology conversations and implementations since 2014. IoT is being widely deployed in Healthcare, Banking, Public Utilities, Oil and Natural Gas, Manufacturing, and in your homes, cars, etc. Security and Privacy concerns have already surfaced with several IoT compromises (VTech, Jeep, etc.) coming to the fore. Security practices, especially those concerning inherent protocol flaws, cryptographic implementations, continuous updates and so on, will be highly pertinent topics of discussion when this technology takes center-stage in 2016.
More Human-Targeted Security Breaches
If there’s one thing history has taught us, it is that humans are prone to error and repeated follies. This prediction has rung true year after year. With the rapid pace of end-user technology adoption, attackers will find new and unique ways to get persistent access (spear-phishing, mobile-driven social engineering, social network-driven attacks) into end-user computing technologies. Just look at the ransomware stats for 2015 and you’ll see why this trend is the most “Advanced Persistent Trend” (APT) that you’ll ever see.
NoSQL/Analytics Security Research (and Vulnerabilities)
Data Science has become an essential requirement for several organizations around the globe. Organizations are constantly looking to leverage existing disjointed datasets into valuable information for their business. Non-Relational Datasources have become the new norm for companies looking to aggregate and correlate discrete datasets. However, some of you may know that these technologies have had a rash of security vulnerabilities that are serious in nature (think ElasticSearch, Spark, Cassandra, etc.). As organizations increase adoption of these technologies in 2016, more vulnerabilities will be identified and exploited. People in Ops, “Get ready to patch in panic”, which would need a lot of what we have said in Point 1.
We at we45 are working extensively on all of the above very seriously. We look forward to 2016 and what it will bring for the industry. Have a Happy New Year everyone!