Gartner is one of the most highly respected research institutes operating primarily within the technology sector. In this article, we have attempted to pull together ten of the most heavyweight predictions about I.T. security that Gartner made in 2016.
IoT to Cause Major Security Problems
Gartner has predicted that by 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
This will come as no surprise to any security professional who has had to begin dealing with the major security issues caused by managing an increasingly diverse network of intelligent devices. I.T. security, as a service department, is simply not equipped to handle the increased workload that IoT will produce.
A second IoT-focused prediction from Gartner says that through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.
Consider for a moment that any IoT device attached to a network is a potential point of exploitation. Yet many manufacturers of these devices have failed to exercise due diligence on security in the design of their devices. Any business looking to adopt IoT devices as part of the corporate network should define a framework for testing the security of any device it is considering purchasing and deploying.
A Shift Towards Stronger Authentication
Gartner has predicted that by 2019, 40% of identity as a service (IDaaS) implementations will replace on-premises IAM implementations, up from 10% today.
This is partially driven by the continuing shift to as-a-Service style infrastructure. But it should also be noted that IDaaS makes it easier to interface with a diverse range of applications via a single authentication service. It is a logical step towards building a fully decentralized infrastructure.
The second similar prediction by Gartner is that by 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.
Gartner has simply extrapolated an ongoing trend with this prediction. Currently, even consumer-grade products have begun to be mass-produced with advanced authentication techniques. Incorporation of these technologies will occur naturally as equipment is replaced at the end of its lifecycle.
Security in the Cloud
Gartner has predicted that by 2020, 80% of new deals for cloud-based cloud-access security brokers (CASB) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.
Primarily driven by the rapid adoption of SaaS applications, security service providers need to find a new way to get back into the game. They intend to do this by offering CASB style products. Whilst CASB providers may be a good choice for some companies, the question remains whether they will provide the best value, or are simply looking to get back into their failing market.
Data and Application Security
Gartner has predicted that by 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing, and self-protection technologies.
Runtime Application Self-Protection (RASP) has finally evolved into a reliable and usable solution for uncovering potential security vulnerabilities within a rapidly changing code base. By adopting RASP into the DevOps cycle, application security becomes stronger with less effort.
When it comes to data security, Gartner has predicted that by 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.
There can be no doubt that the shift to a public cloud environment can expose a business to additional security threats. Insurance firms already take into account factors such as whether a company uses public cloud services before quoting a premium for enterprise insurance products. Putting in place firm governance for data security is something that should be seen as critical.
Threats and Vulnerabilities
Gartner has predicted that by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
This situation is fueled by the increasing number of devices that are attached to a corporate network with little or no security vetting from internal security experts. Every smartphone, tablet, and other network-enabled device is a potential threat and needs to be managed as part of an overall security methodology.
One of the more startling predictions made by Gartner is that by 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
This is a good demonstration of just how ineffective internal security teams can be. They are often overworked, understaffed and working in a “just in time” fashion. This means that vulnerabilities that are seen as a lesser threat often get pushed to the bottom of the list of problems to be solved.