Security Automation and Improved IT Processes in 2013
By Sam Erdheim
BYOD, big data, and advanced persistent threats (APTs) were the talk of the security space in 2012, so what will 2013 bring? The modern enterprise IT environment is extremely complex (see the recent survey findings from our company on the Dangers of Complexity in Network Security Environments), with a myriad of smartphones, tablets, applications, and network security devices -- along with the growing use of virtualization and cloud services -- all presenting an increasing volume of management and security concerns. Next-generation security devices present new, more granular controls, but further increase complexity, and complexity leads to error and ultimately risk.
The combination of new security threats, regulatory compliance mandates, and the need to protect customer and organizational data has driven the demand for a more efficient use of network security technologies within architectures. The increasing complexity of network security responsibilities with mobility, social networking, voice, video, virtualization, cloud computing, and physical safety and security requirements is driving greater specialization and advanced skills regarding the products that facilitate these solutions, including virtual private networks, firewalls, authentication, and intrusion prevention.
Change is happening at a staggering pace, and it is growing more complex as it does.
Prediction #1: IT will see the rise of bring your own network (BYON)
Bring your own device (BYOD) will evolve into bring your own network (BYON). Smartphones and other devices (such as netstick dongles) enable laptops to connect to the Internet via Wi-Fi hotspots, bypassing all of an organization’s network perimeter security measures: firewall, URL proxy, e-mail gateway, etc. iPhone users can easily turn their phone into a Wi-Fi hotspot (Settings>General>Network, make sure “Cellular Data” is on and you will find a Personal Hotspot setting to activate).
Besides instant access and some productivity advantages, what is the risk? Data leakage and malware are real and significant risks facing the user and, most important, the entire organization.
BYON further disintegrates the traditional network perimeter. Although the more common security incidents will stem from ignorance, there is also a great risk of malicious use: an insider can set up one of these hotspots and trick others in the company into using this connection instead of the appropriate corporate network connection -- and in turn steal all of the information.
When users cannot, or are not allowed to, access something, BYON gives them an easily accessible workaround to security policy. Improved security awareness across the organization is an important first step, though there is no easy way to enforce it. Sweeping the airwaves to detect unauthorized hotspots is certainly possible but not easy, because you need to be physically close to the hotspot. This will be an opportunity for security to respond and take appropriate actions.
Prediction #2: IT shifts toward centralization, consolidation, and automation
Understanding everything that is actually going on in a network is no easy task. There are too many security devices and vendors in the mix, all requiring different levels of expertise. In addition, manual management of these devices and security policies has been the norm. More organizations are recognizing the value and the need to centralize management and visibility for an improved understanding of risk. Otherwise, we leave ourselves more to manage than we can handle. There are more options and solutions available today that can help organizations automate manual and painstaking tasks that traditionally have either been pushed to the bottom of the work pile, never to be seen again, or have taken too much time from actually improving security.
With too many policies, management consoles, and a range of expertise required to keep the network secure, security professionals know that consolidating vendors (where it makes sense) can simplify their operations, and simplifying operations means tighter, more effective security.
Prediction #3: IT will improve its processes because it has to
All of this complexity and “need for speed” lends itself to a big culture change, and I predict that 2013 will be the year when the wall traditionally separating IT security and operations teams will come crumbling down. Both groups will continue to face mounting challenges of managing, supporting, and securing more dynamic and complex networks with the same or fewer resources. However, there is light at the end of the tunnel: new levels of automation can be achieved for painstaking (but very important) tasks such as change control.
IT operations and security teams will finally make inroads to truly work together and “be on the same page”. There is no other viable option because both have an ownership stake. Silos and fiefdoms are no longer acceptable.
This alignment can and will be achieved by re-examining current IT and security processes and identifying areas in which to add or enhance the necessary checks and balances -- without impeding productivity.
Security is used to responding to new threats. It’s always been a cat-and-mouse game. In 2013, security must again respond to a changing environment of new business demands, technological advances, and new threats. This time, they’re bringing backup!
Sam Erdheim is the director of security strategy at AlgoSec, a specialist in network security policy management. You can contact the author at firstname.lastname@example.org.