Sanjay Ramnath, senior director of security products at Barracuda, looks at what security trends will evolve over the next year.
With 2015 now over it’s time for look at what we are expecting to see in 2016. As infrastructure and business models continue to evolve, so do the threats against them. The top five trends that will have a significant impact on IT in 2016 are:
1. Increased Network Dispersion
The coming year will see increased network dispersion in all forms as organisations expand to more locations, leverage Cloud based services and embrace mobile working. This increased dispersion will change the traditional role of the firewall. Network architectures change as the use of Cloud applications like Office 365 grow.
It reduces the need to backhaul traffic to a firewall in a central location in order to enforce policies and deliver Internet access. Remote locations with Internet connectivity can access Cloud apps directly, and branch office firewalls can be configured with the appropriate policies to ensure security, reliability and quality of service. Also, as organisations enable intelligent network perimeters with firewalls at all locations, the need for centralised management will become more important.
The growth of branch offices, microsites, and mobile technologies means that users will become more dispersed. Technology Managers will have to extend their security posture to include security for remote users while ensuring secure access to network resources. Centralised policy management and reporting will be key to maintaining a uniform security policy for on and off-network users.
The use of mobile applications will grow as part of this trend. Also, BYOD policies will continue to evolve, challenging IT administrators to securely manage employee-owned devices on corporate networks.
Data centres and application delivery systems will also become more dispersed. An increasing adoption of private and public Cloud based hosting platforms will lead to hybrid data centre environments. Application traffic flows will be more non-deterministic and non-transactional. New data centre architectures will require connectivity across multiple deployment surfaces as well as application security that can migrate and scale with virtualised applications.
2. Targeted Attacks
Expect to see a continued increase in targeted attacks in 2016. These attacks will become more sophisticated, and therefore more successful at penetrating traditional security. Hackers will leverage techniques like spear phishing and social engineering to launch sophisticated multi-vectors attacks that steal user credentials and exploit multiple unsecured threat vectors.
Organisations must proactively secure all their Internet threat vectors with comprehensive security against targeted attacks. Advanced Threat Detection and sandboxing must be included in securing every threat vector. This will drive the need for cost effective and accessible solutions that perform these functions.
3. Public Cloud Adoption
Public Cloud adoption will continue to grow and will force companies to rethink the way they secure their resources. It will also encourage service providers to develop new security and networking tools that are native to Cloud platforms. These new tools will be easier and faster to deploy, and might be handled by a Managed Services Provider (MSP). This approach means that business moves faster and time-to-value is reduced.
Cloud adoption presents different types of challenges depending on the migration scenario. Many companies are only planning to migrate some of their assets to the Cloud. They want to leverage the benefits of the Cloud where they can, while keeping some resources on-site as needed.
In this hybrid scenario, Technology Managers will be looking to deploy the same security in the Cloud as on-premise, and be looking to securely connect the on-premises and Cloud components. These companies may also need networking and segregation capabilities in the public Cloud.
A company that has no existing on-premises servers or applications may choose to deploy only to the Cloud. In this scenario, Technology Managers may struggle with security questions. How secure is the application? Who is responsible for server security? Is the deployment in compliance with regulations?
4. Office 365 Adoption
We expect to see a rapid adoption of Office 365 by companies of all sizes. These companies will encounter a handful of networking, security and compliance challenges that will require specialised solutions. Companies will need to understand that security and compliance requirements do not change in the Cloud ecosystem, and third party providers still have a role.
As part of a migration to Office 365, organisations will have to prepare their networks to handle the traffic and availability requirements as well as improve reliability. They will also have to prepare their data by consolidating legacy email archives.
5. Growth of Managed Services
We expect to see tremendous growth in managed services, as customers begin to realise that the as-a-Service model offers both simplicity and affordability. MSPs have unprecedented opportunity due to Infrastructure-as-a-Service, virtualisation, public Cloud ecosystems, machine and app templates, and more. MSPs will be able to offer rapid deployment of resources, including security and compliance applications.
Sanjay Ramnath is senior director of security products at Barracuda. www.barracuda.com