2016 trends in Security


5 January 2016
2016 Trends in Security

Security is a topic that has surfaced across almost all the industry trend predictions that tech vendors are making for 2016. But this should hardly be surprising given the many high profile cyber breaches of 2015 and the huge numbers often associated with cybercrimes. IDC has predicted that by 2016, data breaches and cybercrime will impact over 1.5 billion people, will cost the global economy US$650 billion and set to hit US$1 trillion by 2020.

Organizations have often cited security concerns as one of the concerns when considering moving their infrastructure “outside” into in a managed or cloud infrastructure – yet they know that for their IT infrastructure to keep up with growth, it is becoming inevitable to exploit the cloud.

So against this backdrop, how is this impacting organizations to look at security in 2016?

Increasing complexity with the cloud

“The threat landscape will continue to become more complex. Cyberattacks will target the weakest links like apps and users, and the movement to the cloud will add on to the complexity,” said Mohan Veloo, VP of Technology, Asia Pacific, F5 Networks.

Kenneth Arredondo, President & General Manager, Asia Pacific & Japan, CA Technologies predicted that “agile security” will be up front and centre in an organization. “Security can no longer be an afterthought. It has to be baked into every aspect of application design, development and deployment. Accelerating development cycles means security must be in on the ground floor of any project or development process. Today’s breach rates, financial impact and board- level attention will demand security’s starring role,” he added.

From prevention to detection and prediction

“Enterprise security postures will shift from prevention to detection & response,” added Veloo. Similarly, Intel Security’s Managing Director of Southeast Asia, Craig Nielsen predicted that the security industry will develop more effective tools to detect and correct sophisticated attacks.

“Behavioral analytics could be developed to detect irregular user activities that might indicate compromised accounts. Shared threat intelligence is likely to deliver faster and better protection of systems. Cloud-integrated security could improve visibility and control. Finally, automated detection and correction technology promises to protect enterprises from the most common attacks, freeing up IT security staff to focus on the most critical security incidents,” Nielsen added.

Security virtualization

The good news is that the virtualization of security, such as virtual firewalls in networks, can be leveraged by organizations to provide the reach and scalability to protect against threats. Ras Scollay, Regional Director, Southeast Asia, CenturyLink said: “Security virtualization techniques (can) monitor traffic and network patterns to identify suspicious activities and threats. This lets organizations respond with countermeasures that may be better than conventional methods.”

Employees still the top concern

However, managing employee risk is generally still often considered highest on the list of priorities. Roughly half of all corporate breaches stem internal employees. “In addition to providing ongoing employee training, organizations should discuss their critical data requirements with their hybrid IT provider. This ensures that, if there is a breach, critical data will be protected,” added Scollay.

Sharing threat intelligence

Threat intelligence sharing among enterprises and security vendors will grow rapidly and mature, predicted Nielsen. “Legislative steps may will be taken making it possible for companies and governments to share threat intelligence with government. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat intelligence cooperatives between industry vendors will expand.”

Ultimately, what all this translates to security and managed services vendors is an increasing importance on reputation and the ability to showcase their ability to manage end-to-end security in the increasingly complex security landscape.