Encryption and the internet of things, containers and convergence: The cloud landscape in 2016 promises to be dynamic. Looking ahead, cloud security predictions showcase several emerging attack vectors that IT departments and everyday users should be considering now.
According to Eric Chiu, president of HyTrust, there is a lot of mystery wrapped up in security, given the sophisticated attacks launched by nation-states and cyber-criminals in 2015; however, many times the solution is simple and involves fundamental security principles like good passwords and encryption for sensitive data. In other cases, big architectural changes will bring fresh security concerns.
Chiu predicts that first and foremost, 2016 will be the year of encryption. “Arguably every year should be the year of encryption, but we have seen enough avoidable damage from a lack of encryption this year that those responsible will start to insist upon encryption being a fundamental part of the overall storage/security strategy,” he said via email. “The end of US/EU Safe Harbor will also help push encryption as part of a data privacy mechanism.”
Delving deeper into cloud trends, on the consumer front, the Internet of Attack Surface will rise, he predicts. Any time a new industry adds significant compute resources to the landscape, a new industry learns by painful experience that security by obscurity is not secure at all.
“As more and more objects come to join the internet of things, the world will be increasingly exposed to just how ghastly and ugly things can get when you have old open source with well-known, documented vulnerabilities going unpatched for long periods of time,” Chiu said. “We have internet-connected lightbulbs, but few who want to manage the updating of such things, including in many cases manufacturers who are new to security.”
Automotive hacking in particular will present concerns, he added. “When a hacker changes some numbers in a database somewhere, it is one thing,” he said. “When a hacker pitches your car into a spin on the highway by ordering full ABS stop on the left side and no brakes on the right it is a considerably different situation.”
2016 will see everything from theft via compromised key fob codes to various kinds of hacks involving car LTE and Wi-Fi networks, while things like on-board diagnostics (OBD) and controller area networks (CAN) need to be locked down. And, given that cars are becoming more connected (through Wi-Fi, Bluetooth, and cellular connections) as well as greater automation of systems (TPS, electronic braking, steering, throttle, and engine diagnostics), this will open up back doors to stack overflow and other attacks.
On the enterprise side, as the cloud marches on, the architecture changes will be sweeping. For one, physical servers will join the endangered species list, so the average IT worker will have less and less to do with physical servers and will be working almost exclusively with virtual machines (VMs). At the same time, hyper-converged infrastructure will be an increasingly popular place to house virtual compute and storage resources, and the rack as a unit of converged computing rather than single appliances and preconfigured solutions like Vblock will replace the more traditional best-of-breed approach. And, both software-defined networking (SDN) and the software-defined data center will enter the mainstream.
Against this backdrop, the next step in the evolution of virtualization, containers, will present new challenges. “As the maturation of containers continues to recapitulate the evolution of virtualization, one would expect to see many of the security issues inherent with the approach addressed not only by the likes of Docker but also by a number of third parties, as we’ve seen with virtualization,” Chiu said. “There is a lot of interesting work to be done on this front.”
Photo © everything possible