Secure predictions for 2013

02 January 2013

It’s the time of year again when IT security experts predict what the next year will bring. Here are two predictions and trends that Infosecurity Europe Exhibitors expect to see in 2013.

Oded Comay, CTO of ForeScout, predicts:

Prediction #1: Smartphones and Tablets become the Enterprises’ “Trojan Horse”
This existing trend of increasing mobile malware will continue through 2013. This is of course a problem for consumers, but it is more-and-more an enterprise issue because of the skyrocketing presence of mobile operating systems on enterprise networks.

In 2013, more malware than ever will enter the enterprises via employee owned smartphones and tablets. Companies that wish to defend themselves against this modern day “Trojan Horse” will need to deploy security technologies in two places: on the mobile devices themselves, and on their networks. Mobile device security products (antivirus etc.) are available from many traditional endpoint security vendors, and there are a variety of new mobile device management (MDM) vendors that can let you control the configuration of the mobile devices themselves. Next, you need to ensure that your network itself is protected from risky smartphones. This is an application for classic network access control (NAC). Prepare for boom and buzz in both the MDM and NAC markets in 2013.

Prediction #2: Targeted corporate sabotage will increase
On 15 August 2012, a piece of malware called “Shamoon” erased all files on more than 30,000 computers within the network of Saudi Arabia's state oil company, ARAMCO. It was a devastating attack against this company. The malware was targeted specifically for ARAMCO, and thus the major antivirus vendors (Symantec, etc.) had no signatures to detect or protect against this malware. Targeted attacks in the energy community are growing so quickly that cyber security has emerged as the principle security concern, topping physical security issues.*

As 2013 unfolds, we’ll see increasingly sophisticated corporate attacks spread by malware and created with corporate sabotage as its specific intent. We’ll also see growth in niche security solutions that defend against targeted attacks such as by looking specifically at network behaviour that is associated with propagation.

Prediction #3: BYOD Growth Drives Need for Increased BYOD Security
Jupiter Research recently predicted that the number of BYOD devices would double by 2014. BYOD itself is not a threat, but increasingly IT security managers shudder at the implications of large numbers of uncontrolled, unmanaged devices connecting to their enterprise networks. Not to mention the vulnerability inherent in your important corporate data walking out the door every day on a device that is easily stolen or misplaced. If your enterprise doesn’t have a security plan in place for BYOD, you are risking two major problems: 1) loss of data, 2) infection and attack by compromised endpoints and possibly compliance violations.

Enterprises looking to secure themselves against the BYOD trend need to consider deploying security technologies in two places: on the mobile devices themselves and on their networks. As the BYOD trend turns to BYOD ubiquity, we will see a growing need for BYOD security solutions.

Steve Pao, Vice President of Product Management at Barracuda Networks, predicts:

1. Virtualization will continue to change how we think about networking. The changes brought on by virtualization that have already affected compute and storage will continue to move to the network. While the term “software defined networking” has become a buzzword of sorts, we are seeing many practical implications, including localizing security close the resources being protected. For example, over half of our SSL VPN unit volume is sold as virtual appliance today. In fact, we have virtualized most of our network-facing product line, including our next generation firewalls, Web application firewalls, server load balancers, spam filters and Web filters.

2. Growth in data will continue to change how we think about retention. In our personal lives, data growth has forced hard disks and the cloud to obsolete the old floppy disks, ZIP drives and CD-ROMs. Similarly, in our corporate similar trends are forcing obsolescence of tape backup and the transport of those tapes offsite. At Barracuda, our fastest growing product line has been Barracuda Backup combining disk-based backup featuring data deduplication with offsite replication to the cloud. We see this trend continuing.

3. The next generation firewall will become mainstream. At the enterprise level, many vendors (including Barracuda) have been evangelizing for next generation firewalls that can monitor and control policy across both users and real applications. This technology will trickle down to midmarket buyers in 2013 and replace the heritage Unified Threat Management (UTM) products that simply combined disparate functions into a single box. Watch this space for more from us, too.

4. Businesses will have to get smart about social media usage in the workplace. A Barracuda Labs survey revealed that while 86% of respondents felt that employee behavior on social networks can impact company security, 75% of those respondents’ workplaces allowed Twitter usage and 69% of the respondents’ workplaces allowed Facebook usage. In 2013, Web security should continue its growth and many businesses will start to leverage social media archiving technologies as part of their e-Discovery and compliance initiatives.

5. Android and iOS will continue to impact business applications. Most of our customers appreciate that mobility and BYOD extend both the hours and productivity of their workforces with relatively little expense. However, taking advantage of mobile platforms requires the ability to access corporate networks, access stored data and browse the Internet safely. We, like other vendors, have mobility initiatives across our security and data protection product lines.

6. Cloud. Beyond the cloud hype, organizations will get very practical about how to use the cloud. 2013 will be the era of cloud systems management, extending the elastic compute cloud to security and enabling the efficient use of cloud applications (e.g., salesforce.com) from within very busy networks.