Theorising what the most important IT security issues to address may be at any given time is always a highly subjective issue, particularly in this world of advocates, specialists and vendors fixated on their own particular piece of the puzzle.
However, inherent bias aside, based on the very nature of layered security and attack escalation there’s no question that network security sits at the very heart of it all. While a huge number of threats filter in through Port 80 and other avenues, if network security is properly aligned and continuously adjusted a lot of problems can be mitigated even if not altogether avoided.
As such, here’s a rundown of the most pressing network security issues that remain heavily in play looking ahead into 2014, and for that matter, nearly all of the time. Regardless of whatever area of security that you’re focused or the specific types of threats you seek to limit, I’d submit that if these specific areas were addressed more effectively, there’s much to gain and a lot less to be lost.
1. Misconfiguration Proliferation
Gartner notes that after 20-plus years as a building block of any security practice, more than 95 percent of firewall breaches will be caused by misconfigurations through 2018, not vulnerabilities.
2. VIP Access Laxness
The proliferation of overly permissive connectivity allotted to legitimate partners continues to prove very dangerous. A quick look at some of the largest data breaches in recent history highlights that organisations must improve their ability to track and control these important pathways into their networks.
3. Botnets Not Caught Yet
Botnets undeniably remain a major issue, with malware architects still flexing their muscles by leveraging established beachheads within enterprise networks. A lot of work remains to be done to better police both inbound and outbound traffic and thwart such attacks.
4. Security Orchestration With IT Automation
With virtualisation, software defined networking (SDN) and DevOps being adopted at a furious pace to increase flexibility and optimise networks there remain sizable hurdles for practitioners in keeping controls in lock step with changing infrastructure. Keep your eyes on this one for sure.
5. Mobility Instability
For years we had experts telling us that the rise of mobile malware would be a huge problem very soon… and then nothing happened. Now everyone is attempting to address the great tide of handheld attacks that have finally arrived and this should refocus efforts on keeping internal controls validated to halt attack escalation once handhelds inevitably get owned.
These conclusions may not appear to be very landmark, or all that different from years past, but this would appear to be the cold hard truth, at least to my eyes.