Going to security conferences always stimulates my imagination. It makes me think outside of the box and remove the cruff that develops when I sit inside my lab too long—staring at vCenter monitors, 10 open bash sessions, security consoles, and emails from colleagues swallowing Xanax.
+ Also on Network World: Cyber attacks are on the rise +
If advanced persistent threats (APTs), certificate authorities (CAs) with IQs of 77, vendor patches bordering on oxymoronic, and hyper-aggressive agile development weren’t enough, I’ll summarize what I believe are your next 10 security pain points.
- Container Technology: Containers are too fun, too cool and too efficient. Yes, there are at least a dozen ways to use container quality parsers, draconian swarm rules, sophisticated communications buses and ever-smarter container monitoring. (TwistLock has gotten my attention, as an example.) The convenience factor is dramatic, and the temptation to take workloads that were formerly known as VMs will be strong. But you will experience pain. It looked easier, and therein lies the lesson: they are.
- Software-Defined Networks (SDN)/Software-Defined Routers (SDR): There is no doubt that with VMs, multi-tenant constructions, and container farms/fleets/armies, that reconfigurable network communications automation is terribly important. Networking in general used to be a separate and distinct IT discipline, anchored by Cisco and other “certifications” that lead to some pretty rock-solid, if not entirely extensible, networks. It was a full-time job.
SDNs and SDRs hold much promise. And if you didn’t know what you were doing to begin with, wait until you try and “cure it” with scripts that can black-hole and/or crater a network infrastructure with such stunning efficiency that it can take even experts hours—even days—to unwind. Gotta love BGP storms.
- Regulatory Compliance: U.S. government policies are somewhat static, but the international scene is fried. You may have to open up holes in your mail and other mission-critical systems for foreign governmental access. How you sequester data will become a huge challenge.
Some organizations have gone to geographic data hashing based on differing encryption methods. Data in place, in transit and in backups all will need hashing meta data control for international organizations. It will be more than a full-time job to remain in compliance with sticky jurisdictions. Data may also need to be physically stored in target locales, yet be accessible for analysis and additional regulatory access from within still other locales. Enjoy your new careers.
- Data Loss Prevention (DLP): With bring your own device (BYOD) came the Dutch boy standing by the dike, trying to plug all of the holes. DLP combines the Dutch boy with Whac-A-Mole into a new and interesting game called My Data Fortress! (aka the return of the data trebuchet).
- Your Fleet Data R Us: Where did you go today? Where did every employee in your company go? Will Uber sell the data? Will that merger-talks flight data become public when your CEO was in the same city as that CEO from Competitor #1? Will your board of directors be monitored? What about that GPS data? Will vehicles in your fleet rat you out? Did you actually trace one of your sales people to where they’re interviewing? Shame on you.
- Rusty Skills: No matter who you are, where you are or even why you are, your skills are oxidizing—getting rusty. Mine are. It’s constant re-invention that makes my world interesting. Cleaning the rust from my skills set is a constant challenge, but reading and trying new things frequently—to the end of the experience (rather than dabbling) seems to keep things sharp.
I’m woefully behind. I will never catch up and will never be the master I was at age 32, now that I’m 62. I’m trying not to prove the axiom that states old age and treachery will always overcome youth and skill. I’d rather be youthful. The book today on my desk: Programming Ruby. Every single person in your organization faces this challenge. You, too. Get started.
- Industrial Control Malfeasance: Ransomware will take new forms. Your Jeeps can be held hostage. Don’t pay the ransomware cost in Bitcoin, and we’ll take control of them and ditch all of your employees that use them. Bought those controllers with the SSL cert hard-coded into the firmware? We’ll take all of them offline—even your forklifts—unless you pay. Earlier I took UL to task regarding their efforts. The dark skies will continue until sudden outbursts of Genuine Security Coding takes place.
- GPS Jamming: This one scares me the most. GPS satellite beacons are a well-known system, and many systems—not just consumers’ devices—depend on their accuracy. Yes, there are ways to rapidly track where jammers are located. The problem is it’s not difficult to do this sort of jamming. It will likely happen. Having a backup plan to replace GPS seems daunting, and no one’s talked about just how to replace GPS or use alternate positioning methods to achieve goals in an emergency. It’s like the electrical grid: You know it’s going to be there or back soon with the efforts of (often heroic) service employees. I shudder to think. …
- Drones: Let’s get away for a moment from the Amazon delivery meme and go deeper into drone technologies. If you wanted to keep secrets, drones are capable of robbing you if they can see them. It’s like the people who search satellite maps for nudist colonies, looking for vicarious thrills. The intelligence-gathering drones will become a new paranoia. The 4K cams and interesting lens options allow monitoring heretofore unheard of. Like other robots, they can do amazing things. And like eagle-eyed optical character recognition (OCR) bots, they can also spell a bad day for industrial secrets. Window film sales skyrocket.
- Your Juiciest Emails at WikiLeaks: The DNC email fiasco alone will sell more protection software and consulting than any other specific trigger in recent history. Add this to e-discovery—the legal discovery process of most things you’ve communicated by email to just about anyone—and organizational email communications will have DLP rules, as well as additional harassment filters applied. Add in social media control, and Zantac consumption will rise like the tides of Facebook memes.
And that’s enough for now.