As distributed computing and TCP/IP took hold in the early 1990s, the information security world revolved around RACF and TopSecret — mainframe access management. Distributed computing and network security had never been issues before, so there were no skilled security practitioners to get the job done. The result: network security was owned by the network organization. The same thing happened when web application security became a demand; the web developers were responsible for implementing security controls (e.g., WAMs) even though central infosec was providing guidance and standards, he said.
Just as network security ownership defaulted to network teams in the 1990s, the same will be true for agile security and DevOps teams in 2017. “Cloud and agile technologies are being adopted faster than ever, and the industry doesn’t have time to wait for infosec to develop the needed skills. Therefore, DevOps teams will be on the hook for implementing actual security controls,” he said.
The successful security team will recognize this and seek to provide tools that work with this trend instead of fighting it. In so doing, these teams will maintain high degrees of visibility and create leverage for their already-stressed resources, he added. We’ve said for over a decade that security should be built in, not bolted on — here’s a prime opportunity to move towards that reality.
Tufin’s Harrison agrees about the importance of DevOps in the security process, ensuring compliance with internal and external security rules without slowing down the primary mission of the DevOps team. This will be a challenge, as security is not inherently baked into a DevOps culture of “move fast, break stuff.” “In 2017, DevOps oversights could be the new data breach. We may see a major breach that gets tracked back to the DevOps approach, causing DevOps and security teams to become new best friends.”
Need to rethink endpoint security. Rick Grinnell, co-founder and partner at Glasswing Ventures, says in 2017 the industry will need to rethink the focus on security at the endpoint and instead begin to think about security at what he calls the "middle point" — or layers of security between the exploitable surface area of the internet of things (IoT), and the assets, data, and services that we need to protect. From a VC perspective, there are various areas that are ripe for innovation in this middle point, including new product areas (e.g., the detection and profiling of all connected devices) as well as improvements in existing solutions (e.g., next-generation security information and event management that can better analyze all of the output of new middle point and existing solutions).
Moving away from security sprawl and towards true automation. Joerg Sieber, director of products at Palo Alto Networks, said to counter the malicious activities coming at them, security operations teams need to be more agile than ever, which means more visibility into what’s coming at them, a reduction of noise, and automating for faster response. Traditionally, security teams have bolted on additional security solutions to address new threats. This has led to management frustration, with teams coordinating security resources (oftentimes manually) across a variety of security solutions and vendors where the components don’t talk to each other or share knowledge. Security organizations will start to migrate toward solutions that are more contextually aware and security platforms that can share information across the attack surface, utilizing analytics for automated detection and response.