+
EDITOR’S QUESTION
MOREY HABER,
VP, TECHNOLOGY,
BEYONDTRUST
/////////////////
I
t’s that time of year again when we
look back at what has motivated the
market for IT security solutions in the
last year in order to develop our plans for the
next year. With so many public exploits, and
data breaches, there’s certainly no shortage
of material to leverage! In terms of areas
of investment and offensive and defensive
cybersecurity strategies, here is what I predict:
• More money for security, but the basics
still won’t be covered. Organisations will
continue to increase spending on security
and new solutions, but will struggle to
keep up with basic security hygiene such
as patching. Hackers will continue to
penetrate environments leveraging known
vulnerabilities where patches have existed
for quite some time.
• IAM and privilege management
going hand in hand. Identity Access
Management (IAM) and privilege
management adoption as a required
security layer will continue. We will
see more security vendors adding
identity context to their product lines.
Identity context in NAC and micro-
segmentation technologies will increase
as organisations invest in technologies to
minimise breach impact.
• Greater cloud security investments.
Vendors will begin to invest more heavily
to protect cloud specific deployments
for customers migrating to the cloud.
Supporting Docker/containers, DevOps
use cases, and enforcing secure cloud
configurations are some initiatives that
will be driven by customers.
• Acceptance that ‘completely safe’ is
unobtainable. As 2018 progresses and
more and more organisations accept
that breaches are inevitable there will
be a shift toward containing the breach
rather than trying to prevent it. This
doesn’t mean abandoning the wall, but
www.intelligentcio.com
rather accepting that it isn’t perfect, can
never be and shifting appropriate focus
toward limiting the impact of the breach.
Organisations will refocus on the basics of
cybersecurity best practice.
• Chaos erupts as the GDPR grace
period ends. As organisations enter
2018 and realise the size of the task to
become GDPR compliant by 25 May,
there will be a lot of panic. This legislation
seems poorly understood which has led to
many organisations tabling it for ‘later’
and, for many, they will wait until the
first prosecution is underway before they
react. Those who completed their GDPR
compliance ahead of the deadline will
be right to feel smug as they watch their
competitors flail.
• Increased automation in cybersecurity
response. The size of the cybersecurity
threat continues to grow through 2018,
with increasing numbers of attack vectors
combined with increased incidence
of attacks via each vector (driven by
commoditisation of attack tools) leading
to massive increases in the volume of
data being processed by cybersecurity
teams. This demands improvement in the
automation of responses in cybersecurity
tools to do much of the heavy lifting,
thereby freeing the cyber teams to
focus both on the high-risk threats
identified and planning effectively for
improvements in defences.
• Richer cybersecurity vision. As
organisations’ needs for more
comprehensive cybersecurity solutions
grows, so will the need for effective
integration between the vendors of
those technologies. This will lead to more
technology partnerships in the near-term
and eventually to industry standards
for integration in the longer term. The
ability for systems to work with relatively
unstructured data will allow for more
effective information interchange and,
as a result, far richer and more rewarding
views across our cyber landscapes.
• It is now law. Governments will begin
passing legislation around cybersecurity
and the basic management of IoT devices
required for safe and secure computing.
INTELLIGENTCIO
29