When it comes to the business of information security, and the big technology trends that will likely shape the year ahead, the RSA Conference is perhaps the most important event of the year. And with a record attendance of more than 43,000, this year was no exception.
The cybersecurity trends that stood out this year were cloud and container security, machine learning, securing the Internet of things, rugged DevOps and the growing managed security services market.
About three-fourths of the vendors on the Expo floor touted some level of artificial intelligence or machine learning capabilities. Currently, most of the machine learning capabilities discussed are just like the Bayesian techniques in spam filters and the heuristics commonly found in anti-malware software (but now new and improved!). Much of the talk around AI and machine learning is currently more hype than reality, which makes it difficult for channel partners and end users to understand what’s real and what’s marketing.
When it comes to cloud security – a trend well underway for some time – things have hit a tipping point. According to a report published by cloud access security broker Skyhigh Networks and the Cloud Security Alliance (CSA), Custom Applications and IaaS Report 2017, the use of clouds in the enterprise has hit an all-time high, and the use of custom apps is rapidly growing. According to the report, enterprises typically run 464 custom applications; yet, information security teams are aware of only 38.4 percent of those apps. Enterprises need partners that can help them to identify and effectively manage this shadow IT that is growing in their organizations.
The report also found that cloud adoption is accelerating. What's more, software-as-a-service is growing ten times as rapidly as traditional IT, and infrastructure-as-a-service is growing at twice that rate. According to the Skyhigh Networks and CSA report, this year for the first time, infrastructure-as-a-service will hold more custom applications than are held in corporate datacenters.
Current projections on security spending for this and the next few years match the survey results. According to research firm IDC, spending on cloud IT infrastructure will grow 18.2 percent to reach $44.2 billion this year. More than 60 percent of that will be in the public cloud, while off-premises private cloud environments will be just shy of 15 percent. Additionally, IDC forecasts that worldwide security-related spending will grow just north of 8 percent and global revenues for all security-related IT spending will reach $102 billion from $74 billion today.
An Intel Security report released the week of the show, Building Trust in a Cloudy Sky: The State of Cloud Adoption, also found that enterprises are challenged to keep up with the cloud-driven shadow IT in their organizations. A majority of respondents to this report viewed the trend of employees turning to cloud services and circumventing traditional IT departments as harming enterprise security efforts. And just over half (52%) of those surveyed said that cloud apps are an initial source of malware infections.
The New Frontline is Everywhere: Reality catches up with IoT security fears
Another significant trend this year, which is finally starting to move out of hype and into the reality category, is the securing of Internet-of-Things devices, along with all the associated device monitoring, management, and breach response that will be required. In his talk, Where Bits and Bytes Meets Flesh and Blood, Josh Corman gave a stark warning regarding the current state of IoT security. And in doing so, he cited many real-world examples where poorly secured digital infrastructure is placing lives at risk, especially when it comes to medical delivery and critical infrastructure. One such example described how an ambulance carrying a patient to the hospital was diverted to another location because the intended hospital had fallen prey to a ransomware infection and became unable to accept incoming patients in the emergency room.
“You’re in an ambulance, one of the most frightening moments in your life, and you have to be directed to a different hospital because of a ransomware attack,” Corman said. “That’s not acceptable.”
Service Providers Help Fill the Skills Gap
The supply of skilled cybersecurity professionals seems unable to catch up to demand. According to State of Cyber Security 2017, a report from the industry association ISACA, 59 percent of the organizations it surveyed received five job applicants per opening. Typically, corporations get 60 to several hundred applications per opening.
If that job market doesn’t seem tight enough, the ISACA report also found that for 55 percent of enterprises, it takes a minimum of three months to fill an information security vacancy. For 32 percent of enterprises, it’s taking six months or more to fill those positions.
Given the steep challenges that enterprises face in finding the security professionals they need, coupled with the rapid adoption of cloud, mobile, and now IoT, it’s no wonder that security services continue expanding so rapidly. A report recently published by Allied Market Research estimates that the global managed security services market will grow at a 16.6 percent annual clip between now and 2022. And there’s a good chance that five years from now, RSA Conference attendees will be discussing not how these challenges were solved but how they grew in complexity.