The following is a guest post from Arthur W. Coviello Jr. - Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC
Many people have pointed out the folly of making predictions. The risk/reward of doing so is out of balance. When you predict correctly, the predictions look obvious in hindsight. When you predict incorrectly, the best case is that no one remembers and the worst case is that you become a cautionary tale for others (Ken Olson’s famous “There is no reason anyone would want a computer in their home” comes to mind). So being fully aware of the folly of my undertaking, I once again take up my pen (or keyboard, as the case may be) and share some of my thoughts about 2013 and what it portends for 2014.
IDC has cleverly delineated the evolution of computing over the past 40+ years into three eras or platforms. After the mainframe and client/server eras of the 70’s and 90’s came the third platform, the onset of which began in 2007 with the launch of the iPhone, and Cloud, Big Data and Social are the dominant environments and mobile devices are the endpoints.
The third platform has matured rapidly since its emergence. 2013 was no exception. Adoption of Software as a Service (SaaS) has grown significantly and that growth continues to accelerate. Adoption of Infrastructure as a Service (IaaS) is on a similar growth trajectory. Increasingly, businesses are demanding access to business applications on their mobile devices as the office becomes more and more virtual.
Yet in a recent independent global survey of 3200 IT and business decision-makers, sponsored by EMC, two of the top security concerns identified across all respondents were third party access of company applications (43%) and mobile access to corporate networks (40%), pointing to the need for more advanced technologies and intelligence-driven security solutions in the era of the third platform.
Against this backdrop, one of the biggest or at least most persistent stories of 2013 was the interplay between security and privacy thanks to the NSA revelations.
1. BYOD is so 2013. The new thing is BYOI – One of the interesting trends of the third platform has been the consumerization of IT as companies have given employees greater latitude in accessing corporate resources and data via their own personal devices (BYOD). The next evolution of this trend will be the consumerization of ID or identity as employees increasingly push for a simpler, more integrated system of identification for all of the ways they use their devices. Identity will be less entrusted to third parties and increasingly be something closely held and managed by individuals – as closely as they hold their own devices. 2014 will be the dawn of Bring (and control) Your Own Identity (BYOI).
2. The return of the insider threat – The insider threat is an issue that seems to rise and fall like fashion in our collective consciousness. The events of the past year have brought the issue front and center once again in a powerful way. In 2014, we will see companies pay greater attention to the insider threat and take steps to protect themselves from the risk of substantial damage to revenue, brand and even business continuity.
3. The future is cloudy – While public clouds have been gaining some momentum for certain workloads during the past couple of years, the NSA revelations and questions about the security of those clouds could slow that momentum. We’ve seen companies rethinking their public cloud strategies and even governments in Europe advocating for the Balkanization of public clouds so that they reflect national borders. Expect public cloud providers to aggressively address the security of their clouds as a competitive differentiator and to stave off these threats to their business. Providers of cloud security should have a banner year in 2014.
4. 2014 is the tipping point year of mobile malware - As businesses provide greater mobile access to critical business applications and sensitive data and consumers increasingly adopt mobile banking, it is easy to see that mobile malware will rapidly grow in sophistication and ubiquity in 2014. We’ve already seen a strong uptick in both over the past few months and expect this is just the beginning of a huge wave. We will see some high-profile mobile breaches before companies and consumers realize the risk and take appropriate steps to mitigate it. Interestingly, the Economistrecently featured an article suggesting such fears were overblown. Probably a good idea to be ready just the same.
5. The Internet of Things - As we saw at Black Hat this past summer, the hacking target of tomorrow is not PCs or even mobile devices; it’s the Internet of Things or the growing network of devices that sense and control real-world systems. From cars to medical devices to smart electrical grids, we will see an increasing number and growing sophistication of attacks on the Internet of Things. We will see more attacks that have truly destructive – as opposed to disruptive – power.
There are, of course, numerous other trends of interest – from the emergence of memory-only and other short-term malware to Bitcoin hysteria to greater threat information sharing between companies and industries. Sufficed to say, 2014 will be another interesting year for security. While there are certainly significant challenges ahead of us, my conversations with our customers, partners, and industry peers leave me more confident than ever in our ability to meet those challenges head on. All in all, it’s the industry’s growing adoption of an Intelligence-Driven Security model, leveraging Big Data, in-depth analytics and dynamic, integrated controls to provide contextually-aware security, that is enabling companies to effectively address the challenges they can see today and those still beyond the horizon that does give me confidence, I think, I hope, I pray! Together, we will deliver a trusted digital world.