The one thing we’ve all been able to learn since the dawn of the internet is that change will remain fast where technology is concerned. Everyone is looking at hot new trends and what to expect for the rest of the year. There’s no reason to exclude enterprise security from the list.
The hottest trend for 2019 is probably the philosophy of DevSecOps. If you aren’t familiar with it, DevSecOps is the idea of fully integrating security with development and operations. At an enterprise level, development, security and operations teams are usually separated. They may interact with each other, but they are completely different departments with unique goals. DevSecOps is something closer to a cultural approach. If security team members work closely with the development team, you can get apps that have security measures coded into them from the start.
Similarly, a closer relationship between security and operations will lead to safer practices in general. The entire goal of DevSecOps is to blur the lines between these groups and facilitate a close working relationship. Rather than just calling IT when there’s a problem, cooperation between the teams will be persistent, and the result is a dramatic improvement in overall security.
Adopting a DevSecOps philosophy isn’t always an easy switch. It can include major restructuring. One of the big shifts in 2019 is the emergence of facilitators who specialize in this restructuring to make it more affordable and efficient.
If you work closely with technology, you may remember major changes to privacy laws in the European Union. The General Data Protection Regulation (GDPR) rewrote the book on how online entities can handle personal and private data. Virtually every business with an online presence had to overhaul their data management. If you don’t work closely in the field, this single regulatory shift is why you get so many more notifications about websites using cookies today. It’s required for GDPR compliance.
This event ended up being a lesson learned for many developers in data security. Governing bodies can change the rules on a whim, so security measures need to be more flexible. Over the course of this year, you shouldn’t expect a single trend to take over this attempt to make data security more flexible. Instead, investment will be towards creative solutions, and data security may make some big leaps as a result. It will be an exciting year to watch.
RBAC vs ABAC
Role-based access control was the norm for decades. Access to a system (or features/data within a system) is assigned based on the role of the user. For instance, students attending a university will have the same generic access to the school’s online systems. A network administrator for the school will have significantly different access. It’s a pretty simple way to keep the wrong people out of vital parts of the network.
In the last few years, ABAC (attribute-based access control) has gained popularity. Instead of assigning a simple role to a user, it grants access based on a series of attributes. Going back to the school example, civil engineering students might have exclusive resources that aren’t granted to education majors (and vice versa). With ABAC, you can add many more layers to access control. The time of day, location, academic standing and any number of other attributes can fine-tune user access.
In a world where business applications are increasingly developed for widespread user access, ABAC is growing more valuable.
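The difference between the two models, using the school example above, can be shown in a few lines. This is an added illustration, not part of the original article; the role names, resource names and rule values are assumptions made up for the sketch.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample data: roles, resources and rules are hypothetical.
ROLE_PERMISSIONS = {
    "student": {"course_catalog", "structures_lab"},
    "network_admin": {"course_catalog", "router_config"},
}

@dataclass(frozen=True)
class Request:
    role: str
    major: str
    standing: str   # "good" or "probation"
    location: str   # "campus" or "remote"
    at: time        # time of day of the request
    resource: str

def rbac_allows(req):
    """RBAC: the decision depends only on the user's role."""
    return req.resource in ROLE_PERMISSIONS.get(req.role, set())

# ABAC: each resource maps to predicates over request attributes; all must hold.
ABAC_POLICY = {
    "course_catalog": [lambda r: r.role in ("student", "network_admin")],
    "structures_lab": [
        lambda r: r.role == "student",
        lambda r: r.major == "civil_engineering",
        lambda r: r.standing == "good",
        lambda r: r.location == "campus",
        lambda r: time(8, 0) <= r.at <= time(20, 0),
    ],
    "router_config": [lambda r: r.role == "network_admin",
                      lambda r: r.location == "campus"],
}

def abac_allows(req):
    """ABAC: deny by default; grant only if every rule for the resource passes."""
    rules = ABAC_POLICY.get(req.resource)
    return bool(rules) and all(rule(req) for rule in rules)

def compare(req):
    """Return (RBAC decision, ABAC decision) for the same request."""
    return rbac_allows(req), abac_allows(req)

CIVIL = Request("student", "civil_engineering", "good", "campus", time(14, 0), "structures_lab")
EDUCATION = Request("student", "education", "good", "campus", time(14, 0), "structures_lab")
LATE = Request("student", "civil_engineering", "good", "campus", time(23, 30), "structures_lab")
```

Under the role-only model every student reaches the lab resource, while the attribute rules deny the education major and the late-night request, and any resource without a policy entry is denied by default.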
Monitoring and Reporting
Monitoring and reporting are two of the oldest virtual security concepts in the book. Even so, they’re changing rapidly. The rise of big data and machine learning has allowed security experts to make swift improvements to monitoring and reporting algorithms. While that’s good in general, a specific application is making a big move right now: internal threats.
For a large enterprise, internal threats are typically more frequent and more severe than external threats. Previously, it was difficult to apply big-data analysis to internal security, but as more businesses move in that direction, they give security developers more power to streamline this component of security.
Cloud Transformation Security
The push to move to the cloud is about a half-decade old now. Most major companies have at least partially shifted. Many new businesses are even deliberately remaining in limbo between local access and cloud usage. It’s an emerging business model. While cloud resources are robust and widely available, there is a component of moving to the cloud that is lagging seriously far behind.
Transformation security refers to the enterprise transition to using cloud tools. When departments or organizations are making the switch, it’s easy to drop a ball and create a security risk. Finally catching up, security providers are aware of the problem and developing holistic solutions that ensure the transitional period is just as secure as the end state.
That’s a summary of the biggest security trends for this year. Surely, as the months go by, we’ll see some interesting developments. Until then, you can see that improvements to enterprise security are rooted in philosophical and planning shifts. Alongside those shifts, increases in big data provide opportunities to fine-tune the old concepts. The bottom line is that you have access to more and better security options than ever before. It almost seems a waste not to take advantage.
About the Author: Jeff Poirior
Jeff brings 25 years of telecommunications and information technology management experience in voice and data networking, server support, and telephony and security, with a significant emphasis on customer service. Prior to joining Valicom, he was chief of the infrastructure support section for the Wisconsin Department of Transportation. Jeff was the vice president of operations for CC&N, overseeing telecommunications, help desk, data and desk side support services. Prior to that, he served as the associate director of technical resources for Covance, responsible for managing systems and network operations supporting 1700 users in Wisconsin and Virginia. He has also led data center operations at Magnetek Electric, supporting mainframe systems, client/server applications, telephony systems, and computer-aided design. Jeff holds a bachelor’s degree in business administration from Cardinal Stritch University and a master’s degree in business administration from University of Phoenix. In addition, Jeff is a past board member of the Wisconsin Telecommunication Association.