The cybersecurity discipline is currently transitioning. You will see why as you read on.
First, like other professions, security practices change as the technology powering them evolve.
We saw this happen in the eighties with the emergence of web services and virtualization and then in the nineties with distributed computing. Now we see it again with more recent technology trends.
These changes impact all technology professionals including :
So people working in a technology-focused field are beginning to see the need to adapt their work to the changing technology landscape.
These changes tend to impact security more than many other professions. Why?
Operations and Safety - Costs, Complexities, and Consideration
Let’s use an automobile to illustrate this phenomenon. You’ll agree that you need more knowledge to understand the safety of an automobile than its operation.
To operate a car, you’ll need to know how to work the controls and the laws you need to obey while driving. But to assess the safety when it comes to driving the car, knowing how to operate the car will not suffice.
Some of the factors that affect safety are:
In short, a lot more work goes into evaluating safety than operation.
In most cases, security teams are not the first to know about new technology adoption in an organization. This means that security pros must do more work than their technology-focused peers, but have less time to do it in.
In addition, most of the changes happening in cybersecurity are “systemic.” They’re based on other conditions aside from changes in technology. For example, forces like the cybersecurity “skills gap” influence the way you practice security.
We all know that businesses need personnel with the right skills to fill security roles. Albeit, people with such skills are hardly available. Plus, we often overlook what this may imply.
This shortfall tends to favor automation-focused approaches and any approach that leverages machine learning or artificial intelligence. Since it’s difficult to find humans to do this work, security teams are looking for ways to leverage their tools more efficiently.
The approach sounds good, but consider the time required to evaluate its safety. Then think about how much prep work you’d need to do for automation to be successful.
Now you know how important it is for security professionals to be aware of things on the horizon. They have to be as prepared as possible, foreseeing forms of security threats that may arise in the near future and begin laying out a plan of action to tackle them, ideally with automated tools.
With this in mind, we’ve put together five important trends to watch out for in 2020. That’s not to say you won’t find dozens of other examples that aren’t on this list. But in my opinion, this list carries the most important ones.
They impact most organizations because they affect the way practitioners do their jobs. So you’re almost certain that you will need to deal with them at some point.
Containers (e.g. Docker, rkt) are transforming the way organizations deploy applications around the globe. This isn’t a new trend by any stretch. Albeit, the disparity between how developers view them and how others in technology view them is noteworthy.
From a developer’s viewpoint, a container is a way to develop software. Full stop.
The question isn’t whether they’re going to use containers for development. But instead, does the organization have a support apparatus in place to allow them to extend the usage beyond unit-testing?
Security pros, though, have been a little late to get fully conversant with the way this changes the security picture. The security container world faces the following issues:
The list doesn’t stop here. You have a host of specialized products out there designed to address these challenges.
The use of containers will only expand and evolve. So security pros need to prepare if they’re going to keep up with the curve.
We’re well into the microservice revolution already - which won’t be stopping anytime soon. This trend will continue into 2020 and beyond. Again - like containers - from a developer’s viewpoint, this is pretty much the only reasonable way to develop modern applications.
It matters for security practitioners, though. This is because it’s an upgrade to the normative tools used in the past. This modification is crucial if you must retain complete effectiveness in a microservice world.
Consider the first step in building an application threat model, for example. What’s the first step in creating an application threat model?
Usually, it’d be creating a data flow diagram that maps out how the various components within an application interact. Then the systematic examination of each connection point from an attacker’s viewpoint of.
So what happens when you develop individual services in isolation? What if you can connect them to any other part of an application dynamically with minimal effort?
One implication is that you can’t assume a “normative” pathway through the application – two services could interact today, but a small tweak could mean four services interact tomorrow.
You may also like: Top 10 Popular Open Source Intelligence (OSINT) Tools
The natural evolution of microservice architecture at scale is the service mesh. One of the biggest drawbacks of microservice is that communication between the different services has a high chance of failing.
Instead of having services that know about each other directly, a service mesh architecture leverages a mesh-like structure. You often implemented them via proxies. Also, they’re deployed as “sidecar” containers - one per container running a given service.
These sidecar containers can maintain a “map” of where individual services live and reroute connections as they change. Its emergence, continuation, or expansion in 2020 could mean trouble to security professionals that struggle with service-based architecture today and will most certainly find themselves underwater as those environments move to mesh.
On the plus side, the sidecar proxy provides a convenient place to inject additional security controls and functionality that an individual service may not necessarily support on its own.
TLS 1.3 is now officially out. Although it took quite a while, we now have OpenSSL supporting it as of 1.1.1 (incorporated into the library at the end of 2018).
Throughout 2019, we’ve seen it rapidly gain traction. Should that trend continue in 2020, it’ll be nigh-on ubiquitous before we know it.
TLS 1.3 is interesting for a number of reasons. Albeit, one of the most interesting things about it is the mandatory use of cipher suites that enforce “perfect forward secrecy.”
What’s perfect forward secrecy?
It’s a fancy way of saying that if someone records your traffic today, you have no need to worry. Even if he finds a way to break your key in the future, he can’t also break the pre-recorded traffic. So, every session has a unique key, and a compromise with one doesn’t affect data from another session.
If you’re a security practitioner, this feature is important because it impacts some organization’s monitoring system. Certain types of monitoring tools perform “Passive” HTTPS interception. These processes worked with the old versions, but they don’t work under the new model.
This means that organizations that still rely on these older methods will need to find new ways to accomplish the same goal.
You can monitor this traffic through other means. For instance, you can do it on a web server before the tunnel is established. However, they must take active steps to accomplish this.
You may also like: Penetration Testing: Step-by-Step Guide, Stages, Methods and Application
It’s not entirely clear right now at what point we’ll realize the full potential of 5G. Albeit, it’s coming in no distant time, no doubt.
However, the real sea change that everyone’s waiting for is an explosion of connected smart devices. You can get this result from the following factors:
This trend is possible to happen in 2020, though less likely than some of the previously listed items in this article.
Why is it unlikely to happen right away?
Bear in mind that you must design and manufacture a host of underlying hardware and firmware first. Then this change is sure.
When this happens, though it will hugely impact security teams. A lot of the IoT devices out there haven’t had the best track record in security and data protection. And that includes consumer or enterprise-focused ones.
This means that security teams will need to be alert to what devices are being fielded into their organizations. It includes their usage, who owns them, and a lot of other important data points.
So while the full potential of 5G may take longer than one year to unfold, the impact of this change made it worth listing.
As stated in the outset, these aren’t the only changes that 2020 will bring to security teams and practitioners. Depending on what your organization does, other trends in attack or defense could impact you more than these.
For example, we’re also likely to see an upswing in the weaponization of social media in aspects like politics. We’re likely to see continued evolution in cloud service offerings, new attack techniques, new malware strains and varients, and new types of security products.
However, the items that we’ve covered here are the ones that we think every security practitioner should be paying attention to because of just how important they are and the impact that they’re likely to have.
27 FEB 2019RACI Matrix: How does it help Project Managers?