When we couple the ever increasing sophisticated nature of cyber-attacks with the complexities of virtual infrastructures, hybrid cloud models, and the explosive growth of mobility and bring your own everything, it’s safe to say 2012 was a rough year for the defenders of cyberspace. We expect the adoption of these trends to increase in 2013 as organizations build out their infrastructures to take advantage of the cost savings, flexibility, and productivity gains associated with these trends.
As computing networks and applications become highly virtualized via cloud computing and emerging trends such as software-defined networks, Cybersecurity will need to be a foundational part of the enterprise architecture in order to protect and partition data and applications effectively across all these various pathways. These virtualized environments create an increasingly more sophisticated infrastructure that naturally increases the complexity of securing these environments. No single cloud providers’ security model is the same and as companies progress towards utilizing more than one cloud providers’ infrastructure, it will be important to put in place a consistent security model across these disparate environments. Unisys expects new security reference architectures will be needed to provide the Cyber framework for CISOs to implement these measures in a consistent and cost effective manner.
In line with the current trend towards zero-trust security models, we expect organizations will look to new tools and techniques to hide their sensitive data, even from inside their own organizations, so that only trusted communities of interest can gain visibility and access to data where needed. This data cloaking approach will be implemented not only within the corporate network, but out to external cloud and mobile environments as a key strategy to protect against today’s advanced threats.
In addition to a focus on Cybersecurity architectures and sensitive data protection in the form of data cloaking, we anticipate that enterprises will also look towards more advanced techniques for establishing and maintaining their trusted identities in Cyberspace. This will include federated identity management in complex hybrid cloud environments, context aware authentication particularly in business scenarios related to mobile and social computing, and next generation biometrics-based authentication systems in mission-critical applications.
There will be widespread use of active cyber defense measures, especially in government. Active defense takes on another level of sophistication by automatically shutting down threats based on pre-defined business rules. This approach allows an organization to stop an attack before it causes damage to their infrastructure or exfiltrates data from their network.