It's that time of year when IT companies all over the world take out their crystal balls and predict oncoming trends for the coming year. What's going to lead adoption? What new security controls will rise to the fore and which ones will fall out of favor? Will this be the year teams solve their most stubborn challenges?
If you're a regular around these parts, you know 2016 was a big year for us. We released quite a few new tools, launched SecureAuth University, and we conducted some intriguing surveys too. This meant we spent a lot of time talking to prominent IT leads, working with customers and listening to where top enterprises and SMBs alike are planning to take their security programs.
Based on these conversations, here are the trends we see in 2017.
Consolidation between the Identity and Access Management (IAM) space and User and Entity Behavior Analytics (UEBA) will be a priority. While security strategies have focused more on criminal elements in recent years, IAM focuses more on connecting the right person to the right resource as quickly as possible. With leaders seeking to offer an ideal customer experience, expect to see IAM play a stronger role in threat detection – especially in portals that rely more on adaptive and risk-based techniques rather than 2FA models.
Biometrics will play a greater role as the second factor in authentication. When it comes to application protection, more developers are favoring fingerprint technology and other biometrics. With the sensors becoming more powerful and accurate, biometrics will be applied at the intersection of phone and device fraud risk analysis pre-authentication, rather than only as a singular security measure.
Going passwordless will hit the big time. Multi-factor authentication without a password: once this would have been a pipe dream, but now teams are achieving this by pairing “something you have” (a device) with “something you are” (a biometric). Healthcare and other verticals where stakeholders don’t have the time to fumble with complex passwords will be some of the biggest adopters. Yahoo has already strongly recommended using passwordless authentication technology in response to their attack.
Adaptive authentication will get bigger. It's clear that one of the most basic criminal techniques - obtaining stolen credentials and entering networks through the front door as valid users - is one of the most enduring. To fight back, security pros are turning to adaptive authentication for enhanced visibility and stronger threat detection and response.
Teams will choose hybrid solutions that can smoothly balance cloud and on-premises infrastructure. Leaders know they can host almost any business productivity application in the cloud, from chat to email to disaster recovery to user directory. At the same time, they're grappling with legacy applications and mission-critical workloads they aren't ready to send to the cloud just yet. To ensure the user experience doesn't become disjointed, these teams will hunt for hybrids solutions that can bridge cloud and on-premises infrastructure in a cohesive way.
Consolidation is the name of the game in the security space. Here’s an uncomfortable truth: there are too many security products for security practitioners to digest, and not enough budget to address every security challenge in an organization. Survival of the fittest means that only products that efficiently address multiple will rise to the top. We’ll still see M&A activity around User and Entity Behavior Analytics (UEBA), given its rising adoption. But overall, consolidation looks more attractive than asking teams to take on even more more orchestration and integration. Expect vendors to offer more standards, API integrations and workflows that solve business problems across siloed security technologies.
Security analytics are the info-sec technologies to watch. Exhausted security practitioners are overwhelmed with data - which means products that can turn noise into valuable information will be a hot ticket. This is a fresh space and one with immense potential; as criminals continually refine their bag of tricks, and more controls are adopted, the sea of security data will only rise even higher.
DDoS is back with a vengeance. Distributed denial of service (DDoS) attacks have been on the upswing lately and that will continue to rise in 2017, given the explosion of unprotected IoT devices. While this type of vulnerability has been predicted for the last few years, these devices are still an invitation to attack - so expect to see DDoS attacks used as a smoke screen while criminals steal data. That doesn’t mean we’ll see fewer attacks using stolen credentials, though; state-sponsored threat actors have become adept in this area and they’ll still be a force to reckon with.
Cybersecurity will become a high-priority political dialogue. Okay, this one may be more of a trend that should occur. Whether it will remains to be seen. The cybersecurity discussions during the election season were vague, demonstrating the lack of insight into what is becoming a critical national issue. However, the story of Russia’s possible interference signals that we may be entering a period where cybersecurity finally has a seat at the political table.
Notice a trend? Teams are looking for streamlined solutions that are as efficient as they are strong, while addressing the complexity of today’s threats. While the IT landscape remains a hotbed of attacks, there are many good reasons to be optimistic about the tools and expertise at hand. Every day we see teams using adaptive authentication, biometrics and sophisticated security controls to solve both business and IT problems – and we believe that 2017 will be their most successful year yet.
Want to learn more? Register for our 2017 Predictions webinar with Andras Cser, VP Analyst, Forrester, and Stephen Cox, Chief Security Architect at SecureAuth.