Expect Data Breaches, Awareness to Increase in 2016
As 2015 comes to a close, I want to share the following 2016 cloud security predictions on what we can expect from cyberattacks, and cyber security awareness.
2016 will be the year of encryption
There is a lot of mystery wrapped up in security, given the sophisticated attacks launched by nation states and cyber criminals; however, many times the solution is simple and involves fundamental security principles like good passwords and encryption for sensitive data. Arguably every year should be the year of encryption, but we have seen enough avoidable damage from a lack of encryption (see TalkTalk shares tank 11% on fears that customer compensation bill could wipe out profits and “I am surprised….no encryption has been used”) this year that those responsible will start to insist upon encryption being a fundamental part of the overall storage/security strategy. The end of US/EU Safe Harbor will also help push encryption as part of a data privacy mechanism.
Physical servers will join the endangered species list
Sure, we all know it’s not turtles all the way down and that eventually there needs to be some sort of hardware for all this cloud to run on, but the average IT worker will have less and less to do with physical servers and will be working almost exclusively with VMs in those cases where this is not the case already.
And then there were three
Speaking of consolidation, I expect to see further consolidation of the public cloud market with additional exists similar to the recent passing of HP’s Helion public cloud. Three is probably about the right number of public cloud providers, leaving Amazon, Microsoft and one other major player standing once the music stops.
Hyperconverged infrastructure will be an increasingly popular place to keep your stacks of turtles
As mentioned above, those turtles do need to exist somewhere and it is going to be not just compute being virtualized, but also storage and increasingly via technologies like VMware NSX. The industry will also be moving more towards the rack as a unit of converged computing rather than single appliances and preconfigured solutions like Vblock will replace the more traditional approach of where IT groups rolled their own racks from best of breed components.
SDN and SDDC will go mainstream
While both the Software Defined Network and the Software Defined Data Center have been around for a few years, in 2016 we expect to see them increasingly show up not just with the web/hyperscale players that they have already gained widespread acceptance with, but also in enterprises and even to an extent, the midmarket. The same drivers, namely lower cost and greater agility in the data center, that are working for convergence and against old school physical servers are behind SDN and SDDC.
Containers to remain shiny new objects
The next step in the evolution of virtualization, containers, will remain shiny, much like SDN a couple years back. The benefits and savings are obvious, a fact which combined with the siren-like allure of the new and shiny will encourage both major players and startups to keep driving innovation and new solutions in this space. As the maturation of containers continues to recapitulate the evolution of virtualization, one would expect to see many of the security issues inherent with the approach addressed not only by the likes of Docker but also by a number of third parties, as we’ve seen with virtualization. There is a lot of interesting work to be done on this front.
We’ll see the Internet of Attack Surface
As more and more objects come to join the Internet of Things, the world will be increasingly exposed to just how ghastly and ugly things can get when you have old open source with well-known, documented vulnerabilities going unpatched for long periods of time. We have internet connected lightbulbs but few who want to manage the updating of such things, including in many cases manufacturers who are new to security who may be much more focused on being able to deliver on the promise of connectivity than they are focused on security – particularly when greater security could generate more returns or higher support costs.
Automotive hacking will rise
When a hacker changes some numbers in a database somewhere, it is one thing. When a hacker pitches your car into a spin on the highway by ordering full ABS stop on the left side and no brakes on the right it is a considerably different situation. Look for everything from theft via compromised key fob codes to various kinds of hacks involving car LTE and WiFi networks. Any time a new industry adds significant compute, a whole generation or two usually ends up suffering a variety of vulnerability as a new industry learns by painful experience that security by obscurity is not secure at all and that things like on-board diagnostics (OBD) and controller area networks (CAN) need to be locked down. Given that cars are becoming more connected (through WiFi, Bluetooth, and cellular connections) as well as greater automation of systems (TPS, electronic braking, steering, throttle, and engine diagnostics), this will open up back doors to stack overflow and other attacks.
With more breaches will come more awareness
Expect to see the number of major breaches continue to rise. As awareness of the cost and impact of these breaches spreads, the value that organizations place on security and compliance knowledge at the board and C-level will increase as well. We urge organizations to remember that compliance is not security and that addressing even basics like encrypting everything can go a long way toward either reducing the chances of a breach or the impact of one should it happen.
(About the author: Eric Chiu is president of HyTrust, a cloud security and control company.)