
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
January 12, 2012


Cyber threats in 2012: what’s in store for security professionals? (Part Two)

“We’re witnessing a rapid progression toward targeted attacks where the attacker is singling out applications with a very specific purpose, rather than aiming for the mass distribution of viruses or worms,” said Richard Moulds, vice-president in charge of product strategy at Thales e-Security when Info4Security asked him to outline what’s on the horizon when it comes to cyber threats in 2012.

“The targeted application has meaning related to the gain the attacker is aiming to achieve,” he added.

According to the results of research undertaken by Zscaler (and presented at the Cloud Security Alliance Congress), 40% of recent cyber attacks resulted in bots that live within applications to change the nature of those applications.

“Therefore, more and more attention is being paid to the authenticity of the code within these applications,” stressed Moulds.

“In the DigiNotar attack the DNS service was compromised, but because they were using an HSM, they were able to audit the management of the key protecting the service and then rectify the issue.”

Concept of embedded trust

Moulds went on to discuss the concept of embedded trust. “Embedded encryption was clearly a major theme in 2009 and 2010. This past year the concept evolved into a focus on embedded platform security, which expands the notion of trust to other parts of the compute process.”

A classic example of this is the trend towards putting tamper-resistant silicon within electronics.

“This would extend the same level of trust afforded by encryption and key management to mobile devices like a cell phone and a tablet,” explained Moulds, “which are becoming more common within transactions but are not naturally able to consume HSMs.”

Info4Security was keen to find out the answer to one key question… Are cloud computing security and compliance on a collision course?

“Many companies breached in 2011 were more willing to disclose the breach, even if information affected was not considered legally sensitive,” suggested Moulds.

“A broader definition of what’s considered sensitive is not good for cloud adoption. Enthusiasm for the cloud will wane if companies are concerned about placing sensitive information in the cloud.”

In addition, Moulds stated that the cloud and compliance are indeed on a collision course.

“If a cloud computing vendor houses regulated data, that vendor is now part of the scope of a compliance audit. Given how multi-tenancy works, the provider will not be able to know what part of their infrastructure touched the regulated data.”

To better accommodate sensitive and regulated data, Moulds believes that cloud providers must turn to encryption as more and more regulating bodies are declaring encrypted data to be out of scope for an audit. The more the cloud service provider can isolate a customer’s environment and shroud it with encryption, the happier that provider will be with sensitive data.

Definition of ‘The Cloud’ set to stabilise

Previously with Enterprise Strategy Group and NetApp, Quantum’s chief technology evangelist David Chapa boasts 25 years’ enterprise back-up and recovery experience which he has used in roles ranging from sales to product to marketing leadership positions. What are Chapa’s feelings on cyber threats in 2012?

“Scale-out storage adoption will become much more pervasive,” opined Chapa. “It won’t just be for HPC environments anymore. Customers are looking for higher value and Return on Investment. Scale-out will be key to match both performance and capacity requirements for customers looking to achieve that faster ROI.”

Chapa also believes that the definition of ‘The Cloud’ will begin to stabilise.

“Many will realise the importance of having tape as part of the big cloud story. Tape isn’t dead: it’s simply being positioned differently to meet customer requirements.”

Data growth has been on everyone’s Top 10 list of predictions for years. “This is not as much a prediction, but a statement,” stated Chapa. “Unstructured data is the culprit, but business analytics and business intelligence will see significant increases in 2012 and beyond.”

It would seem that life sciences are coming to big data. Big data has no idea what will hit it when the bio-tech/life sciences field starts to accelerate its creation of data for clinical research.

“Genomic sequencers are becoming more and more affordable,” asserted Chapa, “which means more and more data can be created in a much shorter space of time. This helps both small and large labs to achieve greater relevance in the field which means massive amounts of data will need to be managed across multiple tiers of storage.”

For their part, back-up applications have always been very ‘sticky’ in customer environments, and virtualisation offers customers a choice to change how they think about back-up and recovery.

“New, thinner and more integrated approaches will be the revised look of data protection in a virtualised world,” urged Chapa. “De-duplication will become even more critically important to efficiently and effectively protect these infrastructures without compromising on performance or oversubscribing secondary storage to overcompensate for architectural deficiencies.”

Mobile devices: they’re not just for talking

Data delivery, data access, application mobility and data mobility – however it’s framed – will begin to take a firm hold in the IT industry.

“Much more work will be done on these devices in 2012,” explained Chapa, “and we will begin to see how these devices will change the way business is conducted. From IT management to the field sales reps, these mobile devices will not only create more data but also deliver data in a much more meaningful and complete manner.”

Apparently, supply and demand is alive and well. “We’re seeing a significant drop in prices. Storage is becoming more and more affordable to the masses. Home office users now have several terabytes of data stored locally and face similar challenges to the enterprise: how to manage and protect this data.”

Small business cloud services will continue to emerge, accelerating cloud adoption even more at this tier, but the enterprise will continue to struggle with the public cloud.

Chapa expressed the belief that ‘The Public Cloud’ will gain traction.

“Security, access and control continue to be the barriers of entry for the public cloud to gain enterprise acceptance. The year 2012 will need to focus on how these three barriers can be broken down in order for the enterprise to begin to adopt the public cloud much more readily.”

Crowd-sourcing will continue to grow. Indeed, 2012 could very well see this begin to mature and have a real and serious impact on IT, how data centres are managed and beyond.

Chapa concluded his opinions on 2012’s cyber landscape by commenting: “This year is poised to be all about object-based storage.”

The network: it’s the key ingredient

Trevor Dearing is a network expert with Juniper Networks and holds some specific views on how he sees 2012 panning out in cyber space.

“Over the past couple of weeks it has certainly been interesting to see the number of 2012 predictions emerge that focus on how cloud computing will be the ultimate game changer this year, why companies will be unlocking the value of their unstructured data and how the ‘consumerisation’ of IT will become a reality as executives increasingly recognise its importance to attracting and retaining talent,” he said. “It’s almost predictable.”

Dearing “cannot sit back” as everyone ignores the key ingredient that makes all these innovations work – the network.

“For CIOs, a challenge for 2012 will be the ‘unknowns’ caused by the adoption of new technologies and business processes, and how to plan for them. We know the volume of information that flows through organisations is greater, as are the points of access and the speed at which it’s consumed is faster. What’s unknown is where the weak point will be and how it will manifest itself.”

According to Dearing, those CIOs who want to have a robust IT infrastructure which can cope with changing user demands and new technologies must not ignore the necessity to upgrade legacy networks.

“Otherwise,” said Dearing, “in the next few years organisations are at serious risk of the network becoming a bottleneck, in turn halting innovation and stalling deployments. The network should instead be viewed as a vital enabler for technology innovation rather than just a side consideration.”

Security technologies in enterprise systems

Mehlam Shakir is the CTO at NitroSecurity. When asked for his appraisal of what might happen in 2012, he told Info4Security: “2011 has been dubbed as the ‘Year of the Hack’, with many high profile organisations falling victim to attacks. In 2012, security will be a priority for many and, with an ever-increasing relationship between security and compliance, the adoption of technology will be key.”

Shakir feels this can help reduce expenses as compliance mandates become even more stringent, especially within areas such as finance, critical infrastructure, Government and healthcare.

“We need to see greater integration of security technologies within enterprise systems to model controls after business risk,” explained Shakir.

“For example, implementing HR systems that can provide near real-time updates to tools for monitoring high risk user accounts based on an employee’s status and privileges” [i.e. where an employee has changed job function or role, or access to systems was outside normal working hours].

With the ever increasing need to see exactly what is happening on a network, businesses need to be looking at technologies that enable forensic level auditing and logging to help facilitate quick and accurate reporting of incidents and breaches in real-time.

“As we saw in 2011, virtually no organisation is immune from attack,” concluded Shakir. “With this in mind, organisations need to start thinking about not just trying to protect their data, but also about how to detect when their systems have been compromised.”
