Trend 2: Cloud shatters the perimeter
As organisations move security controls from a traditional perimeter to cloud-based providers, the traditional corporate network is becoming irrelevant. The adoption of cloud platforms and security-as-a-service, will continue in 2016.
We'll see CISOs moving more of their perimeter security controls to these platforms as part of the efforts to reduce their physical footprint and costs associated with traditional infrastructure. When you're able to turn security controls on and off as needed, and enable your security in real-time, there are obvious benefits but also hidden management complexities.
The perimeter was always considered the 'catch-all' for critical applications and workloads - such as ERP, bespoke applications, intellectual property, and so forth. But the cloud has now shattered that paradigm. Users and their devices are no longer confined to a single location - and the same applies for the data they're accessing. In fact, some applications may not reside in a facility or location that businesses even know about.
The trend will be to start following, or tracking, workload applications and securing them wherever they 'live'. In essence, organisations will need to replicate their on-premise security controls in the cloud. However, it's important to keep in mind that these workloads and applications behave very differently than a network from a security point of view - they're often a lot more unpredictable.
While perimeter security remains critical, security in the time of cloud and digital needs a new approach as we start to see an emergence of hybrid security infrastructures. The challenge, as we move into the new year, is to have policy and event management that can be controlled centrally, regardless of the location of the application or data.
Trend 3: Business adopts a 'seize' mentality
Yes, you read that right - a seize mentality. A year ago, we predicted a resurgence in interest in endpoint security. Security professionals were starting to take a closer look at their devices - whether a PC, Mac, smartphone, or tablet - for indicators of compromise.
Because companies have allowed so many employees to bring their own devices into the corporate environment, traditional network-based security controls aren't able to keep up. This is motivating many organisations to seize control of the security of devices at their endpoints without restricting a user's mobility or productivity.
The focus now will extend into applications and patching. We expect businesses to start exploring methods to validate the safety of applications before allowing users to download these applications onto their devices. Identity will become more linked to the network as IT teams put individual users in the crosshairs: Where are they located? What information can they access? What device are they using?
Sign up for Computerworld eNewsletters.