Evident.io CEO, Tim Prendergast and John Martinez, VP of Customer Solutions – both pioneers in cloud security and compliance automation for multi-cloud security – have revealed what they see as the critical steps the industry will take in the coming year, and what businesses should be doing to plan for them.
Container and serverless computing ramps up creating security headaches
In 2018 companies will move to adopt the cloud-native approach and the traditional host-based operation system will either become irrelevant or it will need to reinvent itself or die. From a security standpoint, no one is really prepared to secure all these containers and functional compute opportunities, but people are adopting it nonetheless.
Cloud breaches for device data (IoT)
IoT offers some compelling opportunities for attention-hungry hackers. Businesses will see more efforts aimed at all different types of devices. For brands that are dependent upon connectivity to the cloud, this could have a hugely negative impact on their brand. In some cases (autos, health devices, etc) it could lead to dangerous personal situations.
Demand from customers for more compliance reporting: In 2017 there were many examples of breaches that were a result of 3rd party vendors not properly securing data in the cloud.
In 2018, it is likely that more enterprises demand assurances about the steps vendors are taking to secure data in their cloud environment. And, perhaps more enterprises will demand security and compliance SLAs, and a regular reporting cadence over and above an annual audit.
Increase in attacks on APIs
APIs are all about data – transacting, communicating, integrating, and processing it. Much of that data is in transit and not always protected, making the API yet another threat vector. There will be an increase in API hacking in 2018 and see at least a few highly visible breaches where a feed has been hijacked to steal or modify data.
Enterprises make a meaningful move to predictive security rather than reactive
The market is becoming more sophisticated when it comes to cloud security and they are pushing the envelope around integration and incident life cycle management. Companies will really start to be much more proactive at managing security within the DevOps lifecycle.
There is a huge need to integrate security into the development process rather than reacting to issues once a project has been deployed to production. If companies can implement the DevSecOps mindset into both their culture and products in 2018 then security will be all around better for it. This mindset will need to affect both hiring practices and processes for companies and it will potentially fundamentally change what a security engineer looks like.
Massive shift from single cloud to multi-cloud
Adoption of multiple clouds is becoming and will continue to be more prevalent, creating an even more complex situation for security and compliance teams who struggle to keep up with development.
Despite the additional complexity, organisations will make the move to multi-cloud to satisfy availability and disaster recovery requirements, to satisfy the technology preferences of development teams, or as a tactic to manage growing cloud expenses.
Additionally, companies are also looking at cloud agnostic micro-services and secondary cloud services for their future uses.
Heavier set of attacks around cryptocurrency
As the price of bitcoin continues to rise, bad guys will continue to try to find bitcoin through your system and we predict that they are going to attack clouds to mine cryptocurrency. There is a significant amount of money out there for people to capitalise on at other people’s expense.