The biggest challenge this year seems to have been getting all kinds of work done remotely. On-premise presence has become a challenge. Automation is key; manual tasks can be difficult. The completely new environment we live in has had a significant impact on trends in IT security. While the public cloud is slowly replacing the data center, IT staff now also have to deal with home network security. But let’s start from the beginning…
2020 was a strange year. Mobility has never been that limited, and I have never spent that much time at home. Looking forward, I hope we will be able to meet friends and colleagues again soon, have real meetings in real meeting rooms, and enjoy the after-work beer together.
2020 was different for IT as well. All of a sudden, we were stuck in our home offices. I have been working in a combination of field service and home office for 8 years, and I was fortunate to be well equipped for this shift from the start. I never had to sit at the kitchen table, and there are no children playing next to me. That was not the case for many colleagues and customers.
Looking back, we could have been prepared. Hindsight is easier than foresight. Most organizations did not see it coming and were not prepared appropriately. As a firewall vendor, we saw a massive increase in support cases to assist with the configuration of remote access. Suddenly the entire office workforce had to work from home. Because laptops were out of stock, many had to use their private devices. But the centralized infrastructure, such as firewalls and VPN gateways, was not designed for that scenario either. Most companies just had a few remote workers who connected occasionally, but if everybody connects at the same time, it can become a problem for the infrastructure.
Now 9 months have passed, and most organizations have found solutions for the hurdles they had to face initially.
But are the new habits going to stay? Recent news about vaccinations beginning gives us hope for a return to our normal lives. But many things have changed in the meantime, and many of the changes are going to stay. Videoconferences have finally gained acceptance. It is no longer necessary to jump on a plane for just a single meeting. Even important decisions can be discussed on the phone. That is convenient and helps to protect our environment. Nobody enjoys the 7 am flight. The home office has also turned out to be a positive trend. Many people are quite surprised how efficiently we can work from home and how well teams managed to stay coordinated. Surveys and analysts confirm that the number of people working from home is going to increase, and many will continue to work from home at least a few days a week even after the pandemic has passed.
For the IT security industry, that means secure connectivity between people, things, and sites is going to become increasingly important. Connectivity always comes with an attack surface.
In the past years, companies have spent loads of money on security that cannot cover remote locations. In an office environment, it is state of the art to inspect email and web traffic, keep endpoint security and patches up to date, block half of the internet, and use company-owned equipment for business purposes only. At home, many things are different. In the worst case, privately owned and unmanaged devices are being used. But even if employees are equipped with laptops, there is no gateway security at home: no web filtering, IPS, Advanced Threat Protection, or any of the other next-gen security features that keep malicious content out of the network. Security has to get much closer to the edge device.
That is why I think we will see the following trends become more important in the future.
The cloud as a data center
Most companies work in hybrid environments. Very few, mostly startups, work with cloud services only. A mix of local resources together with cloud offerings from different vendors has become normal. Up until now, the central hub was the data center. The data center sits in the middle of the architecture; the cloud services, remote workforce, subsidiaries, and so on are connected back to it. But unfortunately, the data center does not scale. Scalability in a data center means more hardware, negotiations for budget, maintenance fees for several years, and all of that in economically uncertain times. Many have come to realize that the public cloud is just more flexible. So why not focus on the cloud and make it the central hub? The data center becomes a subsidiary; people, things, and sites connect to the public cloud. For global players, the cloud can even replace their backbone network and become the common ground that connects everything together. It goes without saying that security must also be set up outside the data center.
While some paranoid colleagues operate more VLANs at home than midsized companies do, in most home networks the ISP modem is still the only network device. Network security does not exist there; security is limited to the endpoint. Fortunately, most companies moved away from BYOD for good reasons. Nevertheless, security should not be tied to the location. People always work with the same kind of information, no matter if at home, in the office, in a coffee shop, or at the airport. With zero-trust network access solutions, we have finally begun to tie security to the person and the edge device instead of a centralized location in a data center. The control plane moves to the cloud, where it is always accessible. This makes it possible to restrict access at the application level instead of opening the entire network. At the same time, requirements on the state of the device, for example for endpoint security, are enforced. This is the first step in ensuring a common security level, whether at home or in the office.
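The access decision described above, sketched as an added example (it is not code from the original post or from any vendor product); the policy table, field names and thresholds are assumptions made up for illustration. Access is granted per application, based on the user and the device state, and the network the request comes from plays no part in the decision.

```python
from dataclasses import dataclass

# Hypothetical policy (constructed values): per application, who may reach it
# and what device state is required. Anything not listed is denied.
POLICY = {
    "crm":     {"groups": {"sales", "support"}, "managed": True,  "max_patch_age_days": 30},
    "payroll": {"groups": {"finance"},          "managed": True,  "max_patch_age_days": 14},
    "wiki":    {"groups": {"staff"},            "managed": False, "max_patch_age_days": 60},
}

@dataclass(frozen=True)
class Device:
    managed: bool            # enrolled in company device management
    endpoint_security: bool  # endpoint protection running and current
    patch_age_days: int      # days since the last OS patch was applied

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool
    device: Device
    app: str
    network: str  # "office", "home", "cafe": kept for logging, never used to decide

def decide(req: Request) -> tuple:
    """Return (allowed, reason). Default deny; the source network is ignored."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "unknown application"
    if not req.mfa_passed:
        return False, "user not strongly authenticated"
    if not (req.groups & rule["groups"]):
        return False, "user not entitled to this application"
    if rule["managed"] and not req.device.managed:
        return False, "unmanaged device"
    if not req.device.endpoint_security:
        return False, "endpoint security missing or stale"
    if req.device.patch_age_days > rule["max_patch_age_days"]:
        return False, "device patches too old"
    return True, "allowed: " + req.app

if __name__ == "__main__":
    laptop = Device(managed=True, endpoint_security=True, patch_age_days=5)
    for net in ("office", "home"):
        print(net, decide(Request("alice", frozenset({"sales"}), True, laptop, "crm", net)))
```

The same user on the same healthy laptop gets the same answer from the office and from home, while a private device or an overdue patch level is refused in both places.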
Even more security
Even if all employees are equipped with company laptops, access to company resources is secure, and everything else is taken care of, the device is still connected to a potentially insecure network. From a company’s point of view, the home network cannot be trusted at all. Even if nobody would consider their own home network a risk, a closer look reveals room for improvement. The gateway is usually an ISP modem without any kind of security. The other devices in the network are potentially insecure. For example, the kids’ and their friends’ mobiles, PCs, and consoles may have out-of-date and vulnerable software or be infected with malware. Is this a network that a company device with sensitive information should be connected to? Actually, the company device needs only the Internet connection; connections to the other devices on the network are neither necessary nor desired. Concepts from the industrial IoT environment can easily be transferred to the home office to create a safe island within an untrustworthy network, which then only serves as a transit network for Internet access.
When freedom of movement is suddenly restricted, it is easy to see which companies have taken precautions. Remote access is key in industry and production and among machine and systems manufacturers. It is mainly about performing minor maintenance tasks remotely or from home. The potential for savings on unnecessary business trips has now been recognized. As always, security separates the wheat from the chaff. In industrial environments, the range of available security solutions is just as large as the range of security levels we find there. The spectrum runs from open dial-up connections via telephone and permanently running screen-sharing sessions all the way up to secure and modern solutions with authentication, logging, protocol, and anomaly detection. Just the availability of a remote access solution, which may have been set up a little hastily this year, is not enough. These access paths will remain and will become even more important in the future, which is why we will see the trend towards security continue to increase. As a result, sooner or later the cloud will replace the data center in OT environments. The change has already started.
Ransomware, phishing, and other annoyances
Hardly any outlook can do without this topic, so let us take a quick look. When the creators of Maze announced earlier this year that they would refrain from attacking hospitals and health facilities for the time being, I found the moment shocking. Really, are we so poorly protected that we rely on the goodwill of criminal organizations? The goal is to be secure enough not to have to worry about it during a health crisis.
In addition, phishing attacks benefited greatly from developments this year. As already mentioned, security measures at home are often less effective, and you need access to the crown jewels for a lucrative ransomware attack. Encrypted family photos are far less profitable than spaceship blueprints. Covid-19 is an excellent hook for phishing emails; such a moving topic quickly leads to a rash click.
Neither trend will go away soon. You can only protect yourself through extensive and consistent security measures. The cloud is taking center stage here as well; classic data center solutions and traditional client-to-site VPN connections will noticeably lose importance. With the increase in phishing, security awareness is also becoming more important, although awareness alone will never be good enough without technical measures.
So, let us look ahead and prepare for a new year heading into the future, which will hopefully feel almost like the past but will bring many improvements.