As we reach the end of 2015, security experts from Lieberman Software Corporation have gazed into their crystal ball to help predict what may lie ahead for the IT security industry in 2016 and beyond.
Jonathan Sander, VP of Product Strategy, on 2016:
- Many antivirus and security product companies will discontinue their on-premises products due to reduced demand. Driven by platform improvements, such as Windows 10 adding many endpoint protection features to the core of the product, many antivirus and endpoint protection companies will be forced to pivot. These vendors will watch as a series of rolling service packs and free incremental version updates quickly eats away at their value proposition. For the platform vendors, this will be monetised by the sales of advertising and app store commissions. Security is hot enough now that these vendors can rely on businesses and consumers to go for security in the same way they’ve been going for speed in the past. This will also include current security darlings like application virtualization, which still has its “cool” factor. These limitations of what programs can run with what privilege, and with what data will be incorporated into the operating system of desktops providing free virtualized secure containers.
- This year we will see a major revolution in how firewalls are installed, configured and run that deliver more value with less human tuning. Part of what takes humans out of the firewall tuning business will be collective experience being put in the box. Some of it will be the application of machine learning technologies and other nascent AI peeking out of the lab and impacting security operations. We know that the bad guys are using automated techniques to attack, and it’s only by putting our machines to fight theirs on the front line that we can hope to keep up.
- Software Defined Networking (SDN) will become fully operational and deliver better performance and security. SDN will begin to drift down market into more enterprises delivering better performance, security and value. Products from legacy network device vendors will be discarded in droves much like their physical server analogs were. New engineers entering the workforce will see physical network devices as dinosaur technology from dinosaur companies. This will be accelerated as customers begin to leverage the software defined networks in their cloud provider infrastructure and want to get that level of ease from what they do everywhere. This is the corporate drive to consumerization finally reaching the network layers.
- There will be a major shift as companies finally give up trying to do their own security and move the responsibility to others with strong capabilities. With the pace of breaches increasing, the complexity of hybrid IT growing, and the risk of loss mounting daily, executives and boards will see the light and begin to give security access to the same outside resources the rest of IT has had for a decade. Security services will be delivered by ISPs, cloud vendors and managed security services providers. You will see regional MSPs that have been mostly about maintaining uptime quickly and decidedly shift to including security services or die off. The cost and time to deliver security will drop dramatically as it begins to be delivered from the cloud as a rented capability. This flow of expertise from the few to the many will democratize the military grade security only available to the largest firms to the masses.
- Manufacturers of software will try unsuccessfully to migrate into the managed services and consulting services business with disastrous consequences. This is already underway today, and very few have been able to make the leap. The largest have established some form of service provider model and been able to shift their largest customers onto it in part. This has mostly been through force majeure in license renewal contracts, and has come ahead of the companies really understanding what they want or need from a managed security service provider. Once the true need for this security as a service emerges, the inadequacies of these vendors’ attempts will be clear, and there will be a quick move to one of the players born in the cloud or as an MSP who can give them a full featured solution. Those software vendors that have simply “cloud washed” their software by putting it online (often through a third party) will also need to quickly adapt or they will be out played by one of the cloud native plays.
Philip Lieberman, CEO and President, on 2016 and beyond:
- The responsibility for security will no longer be with the end user or IT. All security aspects of every part of your end-points, infrastructure and cloud will be outsourced to managed security providers. Operation of data centres will be based on no longer detecting intrusions, but will be handled by regularly replacing systems and software automatically whether compromised or not. Every packet on the network will be known and tracked so that source, destination and purpose are known. Humans will no longer change passwords or even be responsible for passwords. All password management will be handled by automated systems with password lifetimes measured in minutes or hours. All desktops and servers will be operated as isolated hypervisors and storage will be also virtualized so that only the right data will be available for the right purpose and for the right person and application.
- In the future there will be little opportunity for attackers and anything stolen will be of little value.
- Customers will realize that there is no longer any financial or privacy issues with the cloud and that cloud provider security is superior in all ways. Governments will give up on regulating data, privacy and the cloud realizing that their citizens will no longer allow it. Cloud providers will provide better security and privacy than any government as well as protection against nation state attacks. On-premises solutions will be impossible to keep running under government regulations due to lack of expertise in cyber warfare by most companies.
- The Internet of Things (IoT) will be completely redesigned multiple times after large compromises are discovered and paid for. Eventually IoT will become secure.