IT Security Trends in 2012

SonicWALL visionaries identify the most significant
drivers of IT security strategy for the year ahead.
By
Boris Yanovsky, VP of Engineering, SonicWALL
Daniel Ayoub, CISSP, Product Management,
SonicWALL
CONTENTS
Mobile Device Management
Smart Phones as Computers
Application White Lists
Hands-Off IT
Cyber Warfare
Mobile Security
Data Protection
Security Consolidation
The Cloud Becomes Commoditized
Virtualized Security
About SonicWALL

Abstract: The three main categories of the data network environment affecting IT security are all
undergoing major change simultaneously. In the year ahead, these changes will manifest themselves as
security challenges. These trends fall into three categories: client devices (the consumerization of IT); the
external threat environment (the institutionalization of threat development); and the hosting environment
(virtualization). Any one of these dynamics should shade the thinking of IT strategists inside companies and
other organizations. Taken together, they may spur major re-evaluations of current practices.
Thought leaders at SonicWALL have taken a high-level assessment of this evolving landscape and identified
the top trends to factor into IT strategy development. The key trends they identified are:

1. Mobile Device Management
Laptops, tablets, and smartphones—in aggregate—are now preferred over desktop computers by users
accessing company networks. These new endpoints are necessarily more personal devices, and are
increasingly being specified and even purchased by the users. This practice—known as BYOD (Bring Your
Own Device)—will accelerate, with some companies even granting allowances for the purpose. This
approach to user provisioning will require IT strategists and administrators to re-examine how such devices are
managed on the network.
Companies will need to adjust their Acceptable Use Policies (AUPs) and acquire the technologies to enforce
those policies. Device manufacturers will enable and support some of these policy changes. Mobile Device
Management (MDM) will begin to move from large-scale centralized deployment of special purpose
solutions—external to the devices—to features integrated into the devices themselves. MDM controls who
can connect to the network. To support this, Network Access Control (NAC) will make a comeback as the
hub of MDM, coordinating with the endpoint controls to perform compliance checks on configurations and
applications relative to the AUP.
For wireless access, there will be a greater reliance on 802.1X protocols in conjunction with device
authentication and user authorization to help manage permissions for network and file access.

Figure 1. 802.1X-enabled Mobile Device Management

2. Smartphones Recognized as Computers
Smartphones are quickly being recognized as handheld computers. The implications of this are far-reaching.
The entire network now has to be provisioned in consideration of these new OSs and the applications
running on them.

As addressed in the previous section, Network Access Controls will become the hook between IT-managed
environments and user-managed devices. Specific to smartphones, this will require companies to conduct a
greater variety of End Point Interrogation to confirm: client protection measures (like anti-virus software) are
updated and running; no patches are missing; and the devices are not housing or running banned
applications.
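
An added example, not from the SonicWALL paper: a sketch of the endpoint interrogation described above, evaluated as a NAC admission decision once device authentication and user authorization have completed. The class names, policy fields, patch IDs and app names are all hypothetical and constructed for illustration.

```python
"""Endpoint interrogation for NAC admission (illustrative; every name is hypothetical)."""
from dataclasses import dataclass, field
from datetime import date
from typing import FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class AcceptableUsePolicy:
    max_av_signature_age_days: int
    required_patches: FrozenSet[str]
    banned_apps: FrozenSet[str]           # compared case-insensitively


@dataclass
class PostureReport:
    device_id: str
    device_authenticated: bool            # outcome of device authentication (e.g. over 802.1X)
    user_authorized: bool                 # outcome of user authorization
    av_running: bool
    av_signature_date: Optional[date]     # None when the agent could not read it
    installed_patches: Set[str] = field(default_factory=set)
    installed_apps: Set[str] = field(default_factory=set)
    running_apps: Set[str] = field(default_factory=set)


@dataclass
class Decision:
    access: str                           # "deny", "remediate" or "allow"
    findings: List[str]


def normalize(names):
    """Lower-case and trim app names so 'ExampleTorrent ' matches 'exampletorrent'."""
    return {n.strip().lower() for n in names}


def interrogate(report, aup, today):
    """Return the admission decision for one device against the AUP."""
    # Identity comes first: posture of an unidentified device or user is irrelevant.
    if not report.device_authenticated:
        return Decision("deny", ["device authentication failed"])
    if not report.user_authorized:
        return Decision("deny", ["user not authorized"])

    findings = []

    # Check 1: client protection is running and its signatures are current.
    if not report.av_running:
        findings.append("anti-virus not running")
    if report.av_signature_date is None:
        # Unknown is treated as non-compliant rather than silently passed.
        findings.append("anti-virus signature date unknown")
    else:
        age = (today - report.av_signature_date).days
        if age > aup.max_av_signature_age_days:
            findings.append(f"anti-virus signatures {age} days old")

    # Check 2: no required patches are missing.
    missing = sorted(aup.required_patches - report.installed_patches)
    if missing:
        findings.append("missing patches: " + ", ".join(missing))

    # Check 3: banned applications are neither running nor merely installed.
    banned = normalize(aup.banned_apps)
    running = sorted(banned & normalize(report.running_apps))
    housed = sorted((banned & normalize(report.installed_apps)) - set(running))
    if running:
        findings.append("banned app running: " + ", ".join(running))
    if housed:
        findings.append("banned app installed: " + ", ".join(housed))

    # Any finding sends the device to a remediation segment instead of full access.
    return Decision("remediate" if findings else "allow", findings)


# Constructed sample policy and posture reports.
TODAY = date(2012, 1, 15)
SAMPLE_AUP = AcceptableUsePolicy(
    max_av_signature_age_days=7,
    required_patches=frozenset({"PATCH-A", "PATCH-B"}),
    banned_apps=frozenset({"ExampleTorrent"}),
)
COMPLIANT = PostureReport("phone-01", True, True, True, date(2012, 1, 14),
                          {"PATCH-A", "PATCH-B"}, {"Mail"}, {"Mail"})
STALE = PostureReport("phone-02", True, True, True, date(2012, 1, 1),
                      {"PATCH-A"}, {"Mail", " ExampleTorrent "}, set())
UNKNOWN_DEVICE = PostureReport("phone-03", False, True, True, date(2012, 1, 14))

if __name__ == "__main__":
    for r in (COMPLIANT, STALE, UNKNOWN_DEVICE):
        d = interrogate(r, SAMPLE_AUP, TODAY)
        print(r.device_id, d.access, d.findings)
```
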

3. Application White Lists
Pools of "white list" applications—App Store and Android Market—will continue to grow, and become more
trustworthy. These vendors are best positioned to vet the myriad applications being developed for their
equipment and assure that the applications, at a minimum, house no malware. This will also assure the
required degree of integrity for the applications to avoid network and application conflicts.
With application certification essentially outsourced, companies may begin to require agent software be
installed corresponding to their MDM solution, allowing companies to monitor compliance without regard to
individual devices. As a result, new security solutions for iOS and Android platforms will emerge, yielding
more comprehensive and better integrated security to address all the capabilities of these devices.
As a company’s virtual perimeter extends to mobile endpoints, increasing capabilities to extend enterprise
management and policy enforcement to mobile endpoints will become part of the feature set of enterprise IT
security management platforms. In fact, some solutions will be supplied by service providers (carriers) as
part of network service.

4. Hands-Off IT
Driven by the BYOD trend, IT will become more hands-off in supporting mobile devices. This is already
taking place at some companies, but it will start to be adopted as corporate policy on a broader scale.
The case for this trend rests on companies realizing that when users purchase their own equipment, they
frequently kick in some of their own money to buy higher-end gear. Since this equipment is even more
"theirs," they tend to take better care of it. This includes handling many service issues on their own. This, in turn,
minimizes help desk calls into the company. In many cases, users purchase extended service contracts with
the equipment and handle support that way. In any case, the result will be fewer demands on IT’s time,
freeing IT to address more strategic and larger scale issues.

5. Cyber Warfare
The threat landscape will gain greater attention and become more treacherous in the year ahead. This is
because of a fundamental change in who is developing malware and why. The black-hat community has
essentially split. On one hand, there are the "kiddie-scripters" who play at hacking and malware with varying
degrees of sophistication. On the other hand, national governments and transnational criminal organizations
have "institutionalized" threat development and deployment, motivated by political and financial agendas.
These are deliberate and systematic attacks. They are well-funded, employ technically sophisticated
developers, and their operations are ongoing. In response, the countermeasures arrayed against these
threats have become comparably institutionalized.
Much of this cyber warfare is taking place unbeknownst to the public, with rare exceptions such as Stuxnet,
which received broad visibility in the mainstream media. Civil infrastructure is already being targeted by
probes and attacks, as are some embedded systems. 2012 will be the year when a high-profile event brings
these activities into general awareness.
Companies will continue to be targeted for customer account information and industrial secrets. But the
success of the attackers will be more visible, as their assaults are more widely felt and produce more
dramatic results that directly impact the general population.

6. Mobile Security
As noted earlier, smartphones are—for practical purposes—handheld computers. In the year ahead, this will
present new security challenges already familiar in the conventional computing environment.
More viruses, Trojans, and other types of malware will be authored specifically for smartphone
dissemination. In some cases, the mobile devices will be targeted as a means for malware to be introduced
into data networks generally with the ultimate intent of infecting and compromising computing systems of all
types. Such threats will exploit some unique characteristics of smartphone platforms: small physical form
factors, and the social nature of smartphone use.
The small screens and one-app-at-a-time nature of smartphone interaction can obscure suspicious system
behaviors. Users rarely, if ever, are mindful of the security applications installed on their handsets, much
less whether those applications are running and effectively doing their job. The new generation of malware
developers is aware of these shortcomings and will exploit them, leveraging smartphones as another
platform for cyber attacks.
At the same time, smartphones are uniquely personal devices that are used for all kinds of social
interactions. This makes them an ideal vehicle for social engineering tactics and distribution of malware.
Over the course of 2012, we are likely to see the first confirmed botnet of mobile devices distributing mobile
spam and other, more active, threats across mobile networks.

7. New Energy Behind Data Protection
The amplified threat environment and expanding channels of attack will spur a new focus on data protection
practices. Regulatory compliance will gain increased importance. Concerned communities like corporate
governance and financial services (Sarbanes-Oxley), healthcare (HIPAA), education (CIPA and FERPA),
and commerce (PCI) will intensify their scrutiny. Audits will likely increase. As is the case already, many of
these audits will be conducted by third parties.
With this, we expect to see an increase in the outsourcing of internal compliance audits and remediation of
any shortfalls. This will be driven by two factors: the increasing complexity of both the network and threat
environments, and the willingness of third parties to assume the liabilities associated with
noncompliance. Given that audits specific to regulatory compliance are adjacent—not central—to sound security
practices, it will be an easy decision for organizations to outsource this function (if the cost-benefit
analysis makes sense in their particular case).

8. Security Consolidation
2012 will be the year when the paradigms of virtualization and cloud deployments come to IT security. The
old concept of a network having a core or center (usually the data assets) does not exactly apply in a cloud
deployment. With the proliferation of endpoints and the effective removal of a physical network perimeter,
security architectures are scrambling to provide the necessary protections and permissions.
The solution is security consolidation. While this might seem counterintuitive, the advantages are obvious
and practical. Smarter, faster security appliances can be networked into integrated, self-aware systems. The
robust feature sets in these appliances represent a single platform for all the security operations of intrusion
detection and prevention, anti-malware, content filtering and so on. They can also execute the endpoint
interrogation and controls discussed earlier. The sum of this functionality will be a security paradigm ideally
suited for cloud deployments and the oversight of traffic from a range of endpoints conducting remote,
virtualized sessions.
This approach provides the layered security usually associated with having multiple devices, one patching
the holes of the other. As old firewalls or content filters or anti-spam appliances age out, they will be
replaced by the new integrated security appliances. This will be the starting point for the new provisioning
roadmap to full consolidation.

9. The Cloud Becomes Commoditized
"Cloud computing" and "cloud storage" are quickly moving beyond being important new concepts to being
familiar, conventional ones. Even as companies re-examine their network operations in light of these
concepts, IT executives and managers are recognizing that these concepts are not unlike the
mainframe/terminal or client/server concepts of the past, with some important new capabilities enabled by
smarter, faster technologies and the ubiquity of Internet connectivity. The upshot of this realization will be
the commoditization of cloud deployments.
While "cloud" has served as shorthand for all sorts of implied benefits, the evaluation of the real benefits in
each instance will be scrutinized closely. The differences between public and private clouds will become
more appreciated and their suitability for particular initiatives will be better understood. Deeper
understanding of the advantages and drawbacks of cloud storage and computing will inform decisions about
migration and new deployments. Enthusiasm for all things "cloud" will scale back from the way to do things
now… to a way to do things when it makes practical and financial sense.

10. Virtualized Security
Finally, we believe 2012 will be the year that virtualization and security consolidation converge in virtual
security appliances. These will be packages of security functionality—decoupled from special-purpose
appliances—hosted alongside all the other applications on enterprise servers. Servers will host hypervisors
to address the security needs of cloud storage and computing and of application virtualization. But this
approach is not specific to cloud architectures. So it will soon be applied to network architectures of all kinds.
And this will undoubtedly set the stage for important new trends in the years to come.

Figure 2. Virtualized security

About SonicWALL
SonicWALL®, Inc. provides intelligent network security and data protection solutions that enable customers
and partners around the world to dynamically secure, control, and scale their global networks. Built upon
a shared network of millions of global touch points, SonicWALL Dynamic Security begins by leveraging the
SonicWALL Global Response Intelligent Defense (GRID) Network and the SonicWALL Threat Center that
provide continuous communication, feedback, and analysis regarding the nature and changing behavior of
threats worldwide. SonicWALL Research Labs continuously processes this information, proactively
delivering defenses and dynamic updates that defeat the latest threats. Leveraging its patented
Reassembly-Free Deep Packet Inspection™ technology in combination with a high speed, multi-core
parallel hardware architecture, SonicWALL enables simultaneous, multi-threat scanning and analysis at wire
speed and provides the technical framework that allows the entire solution to scale for deployment in high
bandwidth networks. Solutions are available for the SMB through the Enterprise, and are deployed in large
campus environments, distributed enterprise settings, government, retail point-of-sale and healthcare
segments, as well as through service providers.

©2012 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be
trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change
without notice.

6
Ad

Recommended

PDF
Cybersecurity in the Age of Mobility
Booz Allen Hamilton
 
PDF
Mobile Application Security
Booz Allen Hamilton
 
PDF
Strategic Information Management Through Data Classification
Booz Allen Hamilton
 
PDF
Cyber Training: Developing the Next Generation of Cyber Analysts
Booz Allen Hamilton
 
PDF
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
PDF
IDC: Top Five Considerations for Cloud-Based Security
arms8586
 
PDF
Security annual report_mid2010
thaiantivirus
 
PDF
Secure your Future with IoT Security Testing | Application Security
Cigniti Technologies Ltd
 
PDF
Is Your Organization in Crisis?
BlackBerry
 
PDF
Getting ahead of compromise
CMR WORLD TECH
 
PDF
Citrix security booklet
Benjamin Jolivet
 
PDF
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry
 
PDF
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
PDF
Mobile Security: Preparing for the 2017 Threat Landscape
BlackBerry
 
PDF
ICS_WhitePaper_Darktrace
Austin Eppstein
 
PDF
Protective Intelligence
wbesse
 
PDF
edgescan vulnerability stats report (2019)
Eoin Keary
 
PDF
Securing mobile devices_in_the_business_environment
K Singh
 
PDF
How to reduce security risks to ensure user confidence in m-payments
BMI Healthcare
 
PDF
Weathering mobile-storm-report-october-2014
Spiceworks Ziff Davis
 
PDF
Securing the network perimeter
infra-si
 
PDF
PulseSecure_Report_HybridIT_120715
Jim Romeo
 
PPTX
Symantec Government Technology Summit
Carahsoft
 
PPTX
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Bernard Marr
 
PDF
The Essential Ingredient for Today's Enterprise
ReadWrite
 
PDF
Anti-Fraud Datasheet
Mani Rai
 
PDF
What are top 7 cyber security trends for 2020
TestingXperts
 
PDF
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
PDF
Top 10 Trends in Telecommuting
Icomm Technologies
 
PPSX
Disaster Recovery
Icomm Technologies
 

More Related Content

What's hot (20)

PDF
Is Your Organization in Crisis?
BlackBerry
 
PDF
Getting ahead of compromise
CMR WORLD TECH
 
PDF
Citrix security booklet
Benjamin Jolivet
 
PDF
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry
 
PDF
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
PDF
Mobile Security: Preparing for the 2017 Threat Landscape
BlackBerry
 
PDF
ICS_WhitePaper_Darktrace
Austin Eppstein
 
PDF
Protective Intelligence
wbesse
 
PDF
edgescan vulnerability stats report (2019)
Eoin Keary
 
PDF
Securing mobile devices_in_the_business_environment
K Singh
 
PDF
How to reduce security risks to ensure user confidence in m-payments
BMI Healthcare
 
PDF
Weathering mobile-storm-report-october-2014
Spiceworks Ziff Davis
 
PDF
Securing the network perimeter
infra-si
 
PDF
PulseSecure_Report_HybridIT_120715
Jim Romeo
 
PPTX
Symantec Government Technology Summit
Carahsoft
 
PPTX
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Bernard Marr
 
PDF
The Essential Ingredient for Today's Enterprise
ReadWrite
 
PDF
Anti-Fraud Datasheet
Mani Rai
 
PDF
What are top 7 cyber security trends for 2020
TestingXperts
 
PDF
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
Is Your Organization in Crisis?
BlackBerry
 
Getting ahead of compromise
CMR WORLD TECH
 
Citrix security booklet
Benjamin Jolivet
 
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry
 
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Mobile Security: Preparing for the 2017 Threat Landscape
BlackBerry
 
ICS_WhitePaper_Darktrace
Austin Eppstein
 
Protective Intelligence
wbesse
 
edgescan vulnerability stats report (2019)
Eoin Keary
 
Securing mobile devices_in_the_business_environment
K Singh
 
How to reduce security risks to ensure user confidence in m-payments
BMI Healthcare
 
Weathering mobile-storm-report-october-2014
Spiceworks Ziff Davis
 
Securing the network perimeter
infra-si
 
PulseSecure_Report_HybridIT_120715
Jim Romeo
 
Symantec Government Technology Summit
Carahsoft
 
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Bernard Marr
 
The Essential Ingredient for Today's Enterprise
ReadWrite
 
Anti-Fraud Datasheet
Mani Rai
 
What are top 7 cyber security trends for 2020
TestingXperts
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 

Viewers also liked (8)

PDF
Top 10 Trends in Telecommuting
Icomm Technologies
 
PPSX
Disaster Recovery
Icomm Technologies
 
PDF
Icomm enables Aston Manor to brew success
Icomm Technologies
 
PDF
The only authentication platform you’ll ever need.
Icomm Technologies
 
PDF
Disaster Recovery
Icomm Technologies
 
PPSX
Office 365-technical-overview-deck
Icomm Technologies
 
PDF
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
Icomm Technologies
 
PDF
Anatomy of a cyber-attack
Icomm Technologies
 
Top 10 Trends in Telecommuting
Icomm Technologies
 
Disaster Recovery
Icomm Technologies
 
Icomm enables Aston Manor to brew success
Icomm Technologies
 
The only authentication platform you’ll ever need.
Icomm Technologies
 
Disaster Recovery
Icomm Technologies
 
Office 365-technical-overview-deck
Icomm Technologies
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
Icomm Technologies
 
Anatomy of a cyber-attack
Icomm Technologies
 
Ad

Similar to IT Security Trends in 2012 (20)

PDF
12 security predictions for 2012
tech world
 
PDF
Technology Trends 2013
IMC Institute
 
PDF
Top cyber security trends for 2014
Abdullah Al-Ghamdi
 
PDF
M86 security predictions 2011
subramanian K
 
PDF
IT Security Trends 2013
IMC Institute
 
PDF
2015 Cybersecurity Predictions
Lookout
 
PDF
BLURRING BOUNDARIES
- Mark - Fullbright
 
PDF
New Security: A $4-Billion Market in 2011 - Changing the Game: Monthly Techno...
Capgemini
 
PDF
Rpt paradigm shifts
malvvv
 
PDF
Rpt paradigm shifts
malvvv
 
PDF
Top 10 Cybersecurity Trends to Watch Out For in 2022
ManviShukla4
 
PDF
7.5 steps to overlaying BYoD & IoT on Existing Investments
Caston Thomas
 
PPTX
Information Security, Cybercrime and technology futures allowing you to get a...
Insight UK
 
PPTX
Security Trend Report, 2017
Bill Chamberlin
 
DOCX
271 Information Governance for Mobile Devices .docx
lorainedeserre
 
PDF
2 21677 splunk_big_data_futureofsecurity
Svetlana Belyaeva
 
PDF
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Lookout
 
DOC
14 cyber threats
mahesh43211
 
PDF
Andrew Jaquith SOURCE Boston 2011
Source Conference
 
PPTX
Securing hand held computing devices
jraja01
 
12 security predictions for 2012
tech world
 
Technology Trends 2013
IMC Institute
 
Top cyber security trends for 2014
Abdullah Al-Ghamdi
 
M86 security predictions 2011
subramanian K
 
IT Security Trends 2013
IMC Institute
 
2015 Cybersecurity Predictions
Lookout
 
BLURRING BOUNDARIES
- Mark - Fullbright
 
New Security: A $4-Billion Market in 2011 - Changing the Game: Monthly Techno...
Capgemini
 
Rpt paradigm shifts
malvvv
 
Rpt paradigm shifts
malvvv
 
Top 10 Cybersecurity Trends to Watch Out For in 2022
ManviShukla4
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
Caston Thomas
 
Information Security, Cybercrime and technology futures allowing you to get a...
Insight UK
 
Security Trend Report, 2017
Bill Chamberlin
 
271 Information Governance for Mobile Devices .docx
lorainedeserre
 
2 21677 splunk_big_data_futureofsecurity
Svetlana Belyaeva
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Lookout
 
14 cyber threats
mahesh43211
 
Andrew Jaquith SOURCE Boston 2011
Source Conference
 
Securing hand held computing devices
jraja01
 
Ad

More from Icomm Technologies (13)

PDF
The truth behind cyber attacks
Icomm Technologies
 
PDF
The sonic wall clean vpn approach for the mobile work force
Icomm Technologies
 
PDF
Swivel Secure and Office 365
Icomm Technologies
 
PDF
Swivel Secure, ADFS and Office 365
Icomm Technologies
 
PPS
Securing the Cloud
Icomm Technologies
 
PDF
Controlling Laptop and Smartphone Access to Corporate Networks
Icomm Technologies
 
PDF
Tackling consumerization of it
Icomm Technologies
 
PDF
Icomm virtualisation-support-white-paper
Icomm Technologies
 
PDF
Icomm cloud-backup-overview
Icomm Technologies
 
PDF
Icomm agentless-architecture
Icomm Technologies
 
PDF
Efficiently protect-virtual-machines
Icomm Technologies
 
PDF
Cloud backup-for-endpoint-devices
Icomm Technologies
 
PDF
Beakbane safeguards future with ERP - ready infrastructure upgrade.
Icomm Technologies
 
The truth behind cyber attacks
Icomm Technologies
 
The sonic wall clean vpn approach for the mobile work force
Icomm Technologies
 
Swivel Secure and Office 365
Icomm Technologies
 
Swivel Secure, ADFS and Office 365
Icomm Technologies
 
Securing the Cloud
Icomm Technologies
 
Controlling Laptop and Smartphone Access to Corporate Networks
Icomm Technologies
 
Tackling consumerization of it
Icomm Technologies
 
Icomm virtualisation-support-white-paper
Icomm Technologies
 
Icomm cloud-backup-overview
Icomm Technologies
 
Icomm agentless-architecture
Icomm Technologies
 
Efficiently protect-virtual-machines
Icomm Technologies
 
Cloud backup-for-endpoint-devices
Icomm Technologies
 
Beakbane safeguards future with ERP - ready infrastructure upgrade.
Icomm Technologies
 

Recently uploaded (20)

PPTX
Marketing Assignment presentation of good marketing techniques how to impleme...
Priya Raj
 
PPTX
5 Smart Ways to Build a Highly Productive Team
RUPAL AGARWAL
 
PDF
REPORT WRITING for Internal Auditors (considering IIA's Global Internal Audit...
Abdullah Mohammed
 
PDF
Webinar: Why Odoo is a game-changer for Service Companies
dear digital
 
PPTX
Essar at IEW 2025, Leading the Way to India’s Green Energy Transition.
essarcase
 
PPTX
Vaden Consultancy: Transforming Businesses with Integrated HR, IT, and Cloud ...
Vaden Consultancy
 
PDF
Hire the Best Crypto Recovery Experts for Fast Recovery in 2025: Puran Crypto...
henryywalker3
 
PPTX
Recovered Paper Market Size, Share & Forecast 2034
Expert Market Research
 
PDF
Power of the Many: Digital Energy Masterclass
mariana491193
 
PDF
Integration of Information Security Governance and Corporate Governance
Tokyo Security Community
 
PPTX
business and preparing for good business
jaslehannvillaflor
 
PPTX
QuickBooks Keeps Freezing: Causes & Solutions.pptx
robastwilliams
 
PPTX
The Science Behind Effective Lead Nurture Programs in B2B Marketing.pptx
brandonsoros91
 
PDF
Oleksandr Osypenko: Управління обсягом (Scope) (UA)
Lviv Startup Club
 
PDF
Ihor Pavlenko: Управління ризиками за допомогою AI (UA)
Lviv Startup Club
 
PDF
Noah Loul Shares 5 Key Impacts of AI Agents on the Sales Industry
Noah Loul
 
PPTX
Improving Sales Forecasting in Volatile B2B Capital Equipment Markets - Dave ...
Dave Litwiller
 
PPTX
Axcess Instruments Pitch Deck - Newport Beach Investor Conference 2025
Hector Del Castillo, CPM, CPMM
 
PPTX
Akční plán pro chemický průmysl - Ivan Souček
pavelborek
 
PDF
Glow Up Your Desk: The MOOJAY Monitor Stand Experience
Topmate
 
Marketing Assignment presentation of good marketing techniques how to impleme...
Priya Raj
 
5 Smart Ways to Build a Highly Productive Team
RUPAL AGARWAL
 
REPORT WRITING for Internal Auditors (considering IIA's Global Internal Audit...
Abdullah Mohammed
 
Webinar: Why Odoo is a game-changer for Service Companies
dear digital
 
Essar at IEW 2025, Leading the Way to India’s Green Energy Transition.
essarcase
 
Vaden Consultancy: Transforming Businesses with Integrated HR, IT, and Cloud ...
Vaden Consultancy
 
Hire the Best Crypto Recovery Experts for Fast Recovery in 2025: Puran Crypto...
henryywalker3
 
Recovered Paper Market Size, Share & Forecast 2034
Expert Market Research
 
Power of the Many: Digital Energy Masterclass
mariana491193
 
Integration of Information Security Governance and Corporate Governance
Tokyo Security Community
 
business and preparing for good business
jaslehannvillaflor
 
QuickBooks Keeps Freezing: Causes & Solutions.pptx
robastwilliams
 
The Science Behind Effective Lead Nurture Programs in B2B Marketing.pptx
brandonsoros91
 
Oleksandr Osypenko: Управління обсягом (Scope) (UA)
Lviv Startup Club
 
Ihor Pavlenko: Управління ризиками за допомогою AI (UA)
Lviv Startup Club
 
Noah Loul Shares 5 Key Impacts of AI Agents on the Sales Industry
Noah Loul
 
Improving Sales Forecasting in Volatile B2B Capital Equipment Markets - Dave ...
Dave Litwiller
 
Axcess Instruments Pitch Deck - Newport Beach Investor Conference 2025
Hector Del Castillo, CPM, CPMM
 
Akční plán pro chemický průmysl - Ivan Souček
pavelborek
 
Glow Up Your Desk: The MOOJAY Monitor Stand Experience
Topmate
 

IT Security Trends in 2012

  • 1. IT Security Trends in 2012 SonicWALL visionaries identify the most significant drivers of IT security strategy for the year ahead. By Boris Yanovsky, VP of Engineering, SonicWALL Daniel Ayoub, CISSP, Product Management, SonicWALL CONTENTS Mobile Device Management 2 Smart Phones as Computers 2 Application White Lists 3 Hands-Off IT 3 Cyber Warfare 3 Mobile Security 4 Data Protection 4 Security Consolidation 4 The Cloud Becomes Commoditized 5 Virtualized Security 5 About SonicWALL 6 1
  • 2. Abstract: The three main categories of the data network environment effecting IT security are all undergoing major change simultaneously. In the year ahead, these changes will manifest themselves as security challenges. These trends fall into three categories: client devices (the consumerization of IT); the external threat environment (the institutionalization of threat development); and the hosting environment (virtualization). Any one of these dynamics should shade the thinking of IT strategists inside companies and other organizations. Taken together, they may spur major re-evaluations of current practices. Thought leaders at SonicWALL have taken a high-level assessment of this evolving landscape and identified the top trends to factor into IT strategy development. The key trends he identified are: 1. Mobile Device Management Laptops, tablets, and smartphones—in aggregate—are now preferred over desktop computers by users accessing company networks. These new endpoints are necessarily more personal devices, and are increasingly being specified and even purchased by the users. This practice—known as BYOD (Bring Your Own Device)—will accelerate, with some companies even granting allowances for the purpose. This approach to user provisioning will require IT strategists and administrators re-examine how such devices are managed on the network. Companies will need to adjust their Acceptable Use Policies (AUPs) and acquire the technologies to enforce those policies. Device manufacturers will enable and support some of these policy changes. Mobile Device Management (MDM) will begin to move from large-scale centralized deployment of special purpose solutions—external to the devices—to features integrated into the devices themselves. MDM controls who can connect to the network. 
To support this, Network Access Control (NAC) will make a comeback as the hub of MDM, coordinating with the endpoint controls to perform compliance checks on configurations and applications relative to the AUP. For wireless access, there will be a greater reliance on 802.1X protocols in conjunction with device authentication and user authorization to help manage permissions for network and file access. Figure 1. 802.1X-enabled Mobile Device Management 2. Smartphones Recognized as Computers Smartphones are quickly being recognized as handheld computers. The implications of this are far-reaching. The entire network now has to be provisioned in consideration of these new OSs and the applications running on them. 2
  • 3. As addressed in the previous section, Network Access Controls will become the hook between IT-managed environments and user-managed devices. Specific to smartphones, this will require companies to conduct a greater variety of End Point Interrogation to confirm: client protection measures (like anti-virus software) are updated and running; no patches are missing; and the devices are not housing or running banned applications. 3. Application White Lists Pools of ―white list‖ applications—App Store and Android Market—will continue to grow, and become more trustworthy. These vendors are best positioned to vet the myriad applications being developed for their equipment and assure that the applications, at a minimum, house no malware. This will also assure the required degree of integrity for the applications to avoid network and application conflicts. With application certification essentially outsourced, companies may begin to require agent software be installed corresponding to their MDM solution, allowing companies to monitor compliance without regard to individual devices. As a result, new security solutions for iOS and Android platforms will emerge, yielding more comprehensive and better integrated security to address all the capabilities of these devices. As a company’s virtual perimeter extends to mobile endpoints, increasing capabilities to extend enterprise management and policy enforcement to mobile endpoints will become part of the feature set of enterprise IT security management platforms. In fact, some solutions will be supplied by service providers (carriers) as part of network service. 4. Hands-Off IT Driven by the BYOD trend, IT will become more hands-off in supporting mobile devices. This is already taking place at some companies, but it will start to be adopted as corporate policy on a broader scale. 
The case for this trend is based in companies realizing that when users purchase their own equipment, they frequently kick in some of their own money to buy higher-end gear. Since this equipment is even more “theirs,” they tend to better care for it. This includes handling many service issues on their own. This, in turn, minimizes help desk calls into the company. In many cases, users purchase extended service contracts with the equipment and handle support that way. In any case, the result will be fewer demands on IT’s time, freeing IT to address more strategic and larger scale issues.

5. Cyber Warfare
The threat landscape will gain greater attention and become more treacherous in the year ahead. This is because of a fundamental change in who is developing malware and why.
The black-hat community has essentially split. On one hand, there are the “kiddie-scripters” who play at hacking and malware with varying degrees of sophistication. On the other hand, national governments and transnational criminal organizations have “institutionalized” threat development and deployment, motivated by political and financial agendas. These are deliberate and systematic attacks. They are well-funded, employ technically sophisticated developers, and their operations are ongoing. In response, the countermeasures arrayed against these threats have become comparably institutionalized.
Much of this cyber warfare is taking place unbeknownst to the public with rare exceptions, such as Stuxnet which received broad visibility in the mainstream media. Civil infrastructure is already being targeted by probes and attacks, as are some embedded systems. 2012 will be the year when a high-profile event brings these activities into general awareness. Companies will continue to be targeted for customer account information and industrial secrets.
But the success of the attackers will be more visible, as their assaults are more widely felt and produce more dramatic results that directly impact the general population.

6. Mobile Security
As noted earlier, smartphones are—for practical purposes—handheld computers. In the year ahead, this will present new security challenges already familiar in the conventional computing environment. More viruses, Trojans, and other types of malware will be authored specifically for smartphone dissemination. In some cases, the mobile devices will be targeted as a means for malware to be introduced into data networks generally with the ultimate intent of infecting and compromising computing systems of all types.
Such threats will exploit some unique characteristics of smartphone platforms: small physical form factors, and the social nature of smartphone use. The small screens and one-app-at-a-time nature of smartphone interaction can obscure suspicious system behaviors. Users rarely, if ever, are mindful of the security applications installed on their handsets, much less whether those applications are running and effectively doing their job. The new generation of malware developers is aware of these shortcomings and will exploit them, leveraging smartphones as another platform for cyber attacks.
At the same time, smartphones are uniquely personal devices that are used for all kinds of social interactions. This makes them an ideal vehicle for social engineering tactics and distribution of malware. Over the course of 2012, we are likely to see the first confirmed botnet of mobile devices distributing mobile spam and other, more active, threats across mobile networks.

7. New Energy Behind Data Protection
The amplified threat environment and expanding channels of attack will spur a new focus on data protection practices. Regulatory compliance will gain increased importance. Concerned communities like corporate governance and financial services (Sarbanes-Oxley), healthcare (HIPAA), education (CIPA and FERPA), and commerce (PCI) will intensify their scrutiny. Audits will likely increase.
As is the case already, many of these audits will be conducted by third parties. With this, we expect to see an increase in the outsourcing of internal compliance audits and remediation of any shortfalls. This will be driven by two factors: the increasing complexity of both the network and threat environments, and the willingness of the third parties to assume the liabilities associated with noncompliance. Given that audits specific to regulatory compliance are adjacent—not central—to sound security practices, it will be an easy decision for organizations to outsource this function (if the cost-benefit analysis makes sense in their particular case).

8. Security Consolidation
2012 will be the year when the paradigms of virtualization and cloud deployments come to IT security. The old concept of a network having a core or center (usually the data assets) does not exactly apply in a cloud deployment. With the proliferation of endpoints and the effective removal of a physical network perimeter, security architectures are scrambling to provide the necessary protections and permissions.
The solution is security consolidation. While this might seem counterintuitive, the advantages are obvious and practical. Smarter, faster security appliances can be networked into integrated, self-aware systems. The robust feature sets in these appliances represent a single platform for all the security operations of intrusion detection and prevention, anti-malware, content filtering and so on. They can also execute the endpoint interrogation and controls discussed earlier.
The sum of this functionality will be a security paradigm ideally suited for cloud deployments and the oversight of traffic from a range of endpoints conducting remote, virtualized sessions. This approach provides the layered security usually associated with having multiple devices, one patching the holes of the other.
As old firewalls or content filters or anti-spam appliances age out, they will be replaced by the new integrated security appliances. This will be the starting point for the new provisioning roadmap to full consolidation.

9. The Cloud Becomes Commoditized
“Cloud computing” and “cloud storage” are quickly moving beyond being important new concepts to being familiar, conventional ones. Even as companies re-examine their network operations in light of these concepts, IT executives and managers are recognizing that these concepts are not unlike the mainframe/terminal or client/server concepts of the past, with some important new capabilities enabled by smarter, faster technologies and the ubiquity of Internet connectivity.
The upshot of this realization will be the commoditization of cloud deployments. While “cloud” has served as shorthand for all sorts of implied benefits, the evaluation of the real benefits in each instance will be scrutinized closely. The differences between public and private clouds will become more appreciated and their suitability for particular initiatives will be better understood. Deeper understanding of the advantages and drawbacks of cloud storage and computing will inform decisions about migration and new deployments. Enthusiasm for all things “cloud” will scale back from the way to do things now… to a way to do things when it makes practical and financial sense.

10. Virtualized Security
Finally, we believe 2012 will be the year that virtualization and security consolidation converge in virtual security appliances. These will be packages of security functionality—decoupled from special-purpose appliances—hosted alongside all the other applications on enterprise servers. Servers will host hypervisors to address the security needs of cloud storage and computing and of application virtualization. But this approach is not specific to cloud architectures. So it will soon be applied to network architectures of all kinds. And this will undoubtedly set the stage for important new trends in the years to come.

Figure 2. Virtualized security

About SonicWALL
SonicWALL®, Inc. provides intelligent network security and data protection solutions that enable customers and partners - around the world - to dynamically secure, control, and scale their global networks. Built upon a shared network of millions of global touch points, SonicWALL Dynamic Security begins by leveraging the SonicWALL Global Response Intelligent Defense (GRID) Network and the SonicWALL Threat Center that provide continuous communication, feedback, and analysis regarding the nature and changing behavior of threats worldwide. SonicWALL Research Labs continuously processes this information, proactively delivering defenses and dynamic updates that defeat the latest threats.
Leveraging its patented Reassembly-Free Deep Packet Inspection™ technology in combination with a high speed, multi-core parallel hardware architecture, SonicWALL enables simultaneous, multi-threat scanning and analysis at wire speed and provides the technical framework that allows the entire solution to scale for deployment in high bandwidth networks. Solutions are available for the SMB through the Enterprise, and are deployed in large campus environments, distributed enterprise settings, government, retail point-of-sale and healthcare segments, as well as through service providers.
©2012 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.