Tristan Liverpool, Systems Engineering Director, F5 Networks, assesses what 2019 has in store
It’s that time of year again. Businesses are dusting themselves down from a turbulent, fast-paced and opportunity-rich 2018 as they start to map out the year ahead. Now is the time to take stock and prepare for another calendar cycle of relentless forward momentum. As ever, there will be challenges that endure and new tech advances to capitalise on. Here’s a snapshot of emerging trends and developments businesses can ill-afford to ignore if they want to stay relevant, innovative and profitable in 2019.
The future is multi-cloud
Corporate cloud literacy is becoming an operational prerequisite as technological progress accelerates in EMEA. With a multi-cloud strategy, enterprises can assign workloads to public clouds that are best suited for specific tasks, including speed, agility and security. If harnessed with intelligence and foresight, the expansive opportunities afforded by multi-cloud scenarios will benefit bottom lines and earn customer trust through service excellence. According to Foresight Factory’s recent F5-sponsored Future of Multi-cloud (FOMC) report, the expert consensus is that those delaying on multi-cloud exploration and adoption will eventually become irrelevant. In the coming years, the FOMC report believes that upfront costs will become less obstructive as cloud vendors continue to demonstrate compelling use cases. As a part of this shift, technologies such as artificial intelligence (AI) and machine learning will be fundamental to driving higher levels of automation and rendering existing obstructions to multi-cloud obsolete.
Application services to the fore
As businesses invest in digital transformation, it is vital to modernise application portfolios and infrastructures. More than ever, it’s important to architect a system that balances effective controls with innovative freedom.
Application services emerged from the disaggregation of capabilities formerly integrated into devices such as Application Delivery Controllers (ADCs). They are now software-defined, loosely coupled, and easily consumed. It is finally possible to attach individual services to applications in real-time based on specific needs.
A major benefit of application services is that they enable IT to enforce consistent service quality. This means an additional layer of security, availability, and reliability – even if applications don’t have such in-built capabilities. As 2019 rolls into view, businesses will demand services that follow applications wherever they go. This is critical at a time where much of the user experience is digital, delivered via the cloud, and built by developer teams outside of the IT organisation.
App environment understanding needs to improve
Unfortunately, businesses worldwide are still struggling to understand, optimise, and protect their rapidly expanding application environments. According to the F5 Labs 2018 Application Protect Report, as many as 38% of surveyed organisations across the world have “no confidence” they have an awareness of all their applications in use. The report, which is the most extensive of its kind yet, also identified inadequate web application security practices, with 60% of businesses stating they do not test for web application vulnerabilities, have no pre-set schedule for tests, are unsure if tests happen, or only test annually.
The pressure has never been higher to deliver applications with unprecedented speed, adaptive functionality, and robust security — particularly against the backdrop of the EU General Data Protection Regulations (GDPR). Ultimately, businesses that fail to grasp their application environment big picture will struggle. A company’s reputation is always perilously predicated on a comprehensive security architecture. Technologies such as bot protection, application-layer encryption, API security, and behaviour analytics, as we see in Advanced WAFs, are now essential to defend against attacks.
Millennials wield more influence
The oft-perpetuated myth that millennials as lazy, entitled, disloyal, and difficult is patently nonsense. This is especially true in the context of a looming IT skills crisis and a general need for more tech-savvy workforces across all industries.
The generational gap is frequently and tediously exaggerated. There are plenty of new recruitment and employee nurturing nuances for business leaders to consider, but none should be incomprehensible. Pre-conceived notions or misty-eyed nostalgia shouldn’t cloud judgements. There is a cutthroat battle going on to identify and secure the workforces of tomorrow. Business leaders clinging to the status quo need to rethink their stance.
Multi-purpose attack Thingbots threats on the rise
Towards the end of 2018, F5 Labs fifth volume of the Hunt for IoT report revealed that IoT devices are now cybercriminals’ top attack target.
This could prove problematic in the long-term. Lax security controls could even endanger lives as, for example, cellular-connected IoT devices providing gateways to critical infrastructures are compromised. Indeed, the report posits that there are growing concerns that IoT infrastructures are “just as vulnerable to authentication attacks via weak credentials as the IoT devices themselves.”
According to F5 Labs, 2018 ended with threats looming from thirteen Thingbots, which can be co-opted by hackers to become part of a botnet of networked things. This includes the infamous Mirai botnet. Distributed Denial of Service (DDoS) remains the most common attack. However, attackers in 2018 began adapting Thingbots under their control to encompass additional attack methods including installing proxy servers to launch attacks from, crypto-jacking, installing Tor nodes and packet sniffers, DNS hijacks, credential collection, credential stuffing, and operating fraud trojans.
Businesses need to brace themselves for impact. IoT attack opportunities are virtually endless and Thingbot building is more widespread than ever. Unfortunately, it will take material loss of revenue for IoT device manufacturers, or significant costs incurred by organisations implementing these devices, before meaningful security advances are achieved. Therefore, it is essential to have security controls in place that can detect bots and scale to the rate at which Thingbots attack. In addition, bot defenses at the application perimeter are crucial, as are cutting-edge DDoS solutions.
Super-NetOps
Emerging threat landscapes and multi-cloud possibilities are changing the game. Users across EMEA are demanding rapid, safe and multifaceted services. 2019 will see pressure growing on traditional IT teams to embrace programmability and enable the orchestration and agility needed to succeed in a digital economy. Regrettably, there is a lingering disconnect when it comes to collaboration between NetOps, SecOps and DevOps teams. This could be remedied in the coming years as the concept of “Super-NetOps” professionals gains traction. With training programmes already rolling out worldwide, we can expect a surge in a new breed of systems thinkers actively and collaboratively supporting organisational needs for rapid, automated application development and delivery. Increasingly, network professionals will learn how to apply their expertise in new ways, becoming integrated service providers to their organisations rather than siloed ticket takers.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.