By Alex Raistrick, Vice President Western Europe at Palo Alto Networks.
No longer is cybersecurity only the province of IT and security staff; these days, it has become a topic with implications for every major line of business and market segment. Attacks are advancing at a rate never witnessed before - last year the BBC reported on the 'world's largest' DDos Attack, which saw Dutch Web hosting company CyberBunk 'slow down the entire internet'.
Unfortunately the biggest threat facing enterprise in 2014 is that these threat developments show no sign of slowing down. The security environment facing the enterprise is in a constant state of flux. And, as malware becomes more and more sophisticated, the ability to control and identify unrecognised threats and how they could potentially infiltrate business practices is becoming increasingly crucial.
Cybersecurity: Channel trends for 2014
At present security can conflict with a need for high-performance & flexibility for some vendors, which ultimately compromises the ability of that vendor to secure content. With the fallout from the PRISM scandal leading to calls for a more vigilant regulatory environment and the Security Regulation Alliance making way for new regulatory requirements in 2014 all vendors are set to benefit from 'increased security regulation'.
So what you might ask should you be looking out for - what are the key security threats facing the channel and what do you need to know about these as we head into 2014?
The year of demand - cybersecurity and IR skills will reach new highs
As these more advanced threats become commonplace, the demand on existing incident response (IR) teams has begun to outstrip capacity, especially in enterprises and government entities where cybersecurity skills are already in short supply. A recent survey by the Ponemon Institute held that only 26 percent of security professionals felt they had the security expertise needed to keep up with advanced threats.
The year of the hybrid cloud - IT Architecture becoming more appealing
In a recent report Gartner identified 'The Hybrid Cloud' as one of the 'top 10 strategic technology trends for 2014' and this mixed approach to IT Architecture will become more appealing to the channel in 2014. As enterprises seek to flexibly extend workloads or applications beyond the internal data centre, the ability of the hybrid cloud to over spill to the public cloud means businesses will be better prepared to manage unexpected demand.
The year for monitoring - An increased demand for individual level monitoring
Forrester analyst John Kindervag describes the internal network as a "Zero Trust Network", a framework for designing security environments by first starting with an assumption that there should be no undue trust given to any user. And while most network providers use port and IP-based inspection to secure networks – which can result in end user content slipping through the virtual net – 'individual level' monitoring is something we are seeing increasing demand for, particularly from our channel customers.
The year of network security – Ensuring reliability as attackers target control systems
Companies may be able to apply tight network security to data centers and the information they manage. But if they're not doing the same for certain data center support systems such as HVAC, cooling and other automated systems that help power, clean and maintain a data center, they're leaving the whole data center vulnerable. We expect these types of attacks – in which smart hackers target the weakest parts of a data center support infrastructure – to continue in 2014.
The year to be certified - Certification as the solution
Although end-users are part and parcel of the problem they are also part of the solution! Nowadays enterprise attackers can simply ride within the SSL connection between the application and the user. The ramifications of this for enterprise security are clear: If you can't control traffic that is SSL-encrypted, then you are leaving a clear path open for malware to get into and out of your network. Channel partners lacking the ability to enforce security on any SSL encrypted communications are unfortunately leaving themselves fairly blind to potentially malicious traffic in 2014.