A “Cloudy” Forecast for the Future of Cybersecurity

March 2, 2015
Business drivers ensure that devices will connect and interact through the secure cloud network

The cloud has been broadly observed as the most disruptive force in business today. Indeed, the world is in the middle of a number of fundamental transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, and an equally profound change is required in the way we secure modern businesses, both small and large, against cyber-attacks.

 The coming wave of disruption will change how we think about enterprise security. This will inevitably result in three dramatic changes in the security vendor landscape, including:

  1. The internet will become the corporate network perimeter
  2. Endpoint and network security technologies will become inextricably intertwined
  3. Cloud security will enable a secure foundation for the internet of things (IoT)

 Let’s take a quick look at each of these changes.

 The Internet Becomes THE Corporate Network Perimeter

 As recently as two to three years ago, the Chief Information Security Officer (CISO) was focused on defending the network against attack, and attempted to achieve this through an investment in a wide array of disparate on-premise technologies. This was all very well when users, corporate applications and data were behind the corporate firewall. However, those days are long gone.

 Today, CISOs are concerned about users connecting from their personal mobile devices, accessing corporate data stored in public cloud applications, over public networks. The potential attack surface has expanded from being the corporate network perimeter, which in itself was challenging enough to protect, to encompassing a completely unbounded environment of personal devices, public network infrastructure and cloud applications and service providers. Billions of dollars that were originally invested in perimeter security now offer little to no value in this scenario.

 A number of emerging security vendors now offer services that deliver a comprehensive layer of protection through the cloud itself – enabling users to be protected wherever, and however, they are connecting to web services and applications. This is a profound shift for three key reasons:

  • First, a cloud security layer eliminates the need for large enterprises to backhaul traffic, which is not only an expensive proposition but also creates a poor end-user experience and is hard to enforce.

  • Second, delivering security at the cloud layer enables the consistent enforcement of security policies based on the context of the user’s endpoint device, the network or location from which they are connecting, and the ultimate application with which they are interacting. This approach hands control of corporate data and applications back to the CISO – a critical step in ensuring a strong security posture.
  • Third, delivering security through the cloud provides an unparalleled position of visibility from which to identify and block threats in real time.

 Traditional on-premise security solutions have limited visibility beyond their own environment. However, cloud-based services can identify anomalies and attacks in real-time, correlating events across tens of thousands of customers and millions of end users to rapidly detect new threats as they propagate, and respond to shut them down before they can exact any damage, keeping corporate assets and data secure.

 Endpoint and Network Security Become Intricately Linked

 Last year, a senior executive at one of the world’s largest security companies let it slip in an interview that “anti-virus is dead”. This was a rather embarrassing admission from a company that makes the bulk of its revenue from legacy anti-virus technology! Nevertheless, the point is actually valid: today’s cyber threats have outstripped the capabilities of old-school signature-based anti-virus.

 So what does this mean for how we secure endpoint devices, which, after all, are the access point through which users access the critical data and applications that the security industry is tasked with protecting?

 The security industry has traditionally approached endpoint security and network security as completely different product lines that are sold to different buying centers within the enterprise. But in today’s world of sophisticated and rapidly evolving threats, we will quickly see these two critical parts of the security landscape develop deeper levels of awareness, connectivity and adaptability. The network layer will need to become aware of, and responsive to, what is happening on endpoint devices both on-network and off-network, and vice-versa.

 For example, if a group of laptops in a branch office is suddenly found to be sending high volumes of traffic to a low-reputation IP address in China, the network will need to immediately adapt – perhaps shutting down access to that IP, or sandboxing traffic from that part of the network for further inspection. Similarly, if a corporate cloud-based application is experiencing anomalous traffic or unusual login attempts, then sensitive endpoint devices might be automatically placed under a more stringent security policy, or perhaps have their traffic directed through an alternate route.

 My point is that these technologies can no longer afford to exist in isolation. A cloud-based security layer is the best way to provide this “connective tissue”, enabling commonality of policy, and correlation of activity and response across the entirety of the stack.

 Next-generation endpoint solutions will employ a variety of techniques, such as anomaly detection, sandboxing, heuristics and the like, to detect and prevent unknown attacks. However, the most powerful solutions will be those that have visibility across both the endpoint and the network, correlating events, behavior and traffic to enable a holistic focus on true prevention.

 Cloud Security Enables a Secure Foundation for the Internet of Things

 When we think of the internet, we typically think of a diverse network enabling users to access information and applications from personal computing devices. However, we are now seeing an explosion in the volume of machine-to-machine interactions occurring across the internet. Products ranging from home appliances to cars and industrial equipment are rapidly evolving into connected, smart, network-enabled systems that interact with users, with each other, and with other connected services to vastly expand their functionality. This world of internet-connected devices is often referred to as the Internet of Things (IoT).

 As billions of devices become interconnected with each other via the internet, device and service vendors will need to rapidly re-think their approach to security. IoT devices connect over the public internet, so traditional approaches to network security will, by definition, be completely inadequate. Furthermore, many internet-connected devices have limited processing power – making running sophisticated security applications at the device level either impossible or prohibitively expensive in terms of performance and/or cost.

 The cloud security network described in this article will emerge as the de facto approach to securing the Internet of Things. Devices will connect and interact through the secure cloud network, enabling policies to be automatically applied and ensuring that communications, devices and services are not compromised by bad actors. The sheer volume of connected devices will present interesting challenges for security vendors. Billions of devices, each engaging in thousands of interactions a day, imply that there will literally be trillions of daily events to correlate, analyze and secure. This will require a new breed of security technologies, and likely new security vendors, that have data science and machine learning at the core of their DNA.

 A Look Ahead…

 The world stands at an inflection point in the way in which enterprises use and interact with data, devices and applications. The changes that are already underway require vastly different approaches to security, and the cloud is at the center of how we will address these challenges going forward.

 Ultimately the security industry will move from a stovepiped, product-based focus towards an integrated, cloud-based services approach that will enable enterprises to better manage risk and attain robust security postures.

 About the Author:

Paul Lipman is the CEO of iSheriff. He brings to the role over two decades of executive and operational leadership experience at software, services and ecommerce companies.