Wed 23 Dec 2009
New year’s resolutions & predictions
Posted by Slavik under insider threat, Personal, security, sentrigo
As another year comes to a close, it’s time for both new year’s resolutions as well as predictions.
On the resolutions front, I hope to be much more active on my blog next year. As we grow as a company, I seem to have less time for my musings, as I spend more time with customers and those we hope will become customers. Overall, it’s a good problem to have…
As far as predictions go, this is always dangerous ground. A year from now, someone will undoubtedly come back and point out that I really missed some major new trend, or called one that never came to be. But, these are simply best guesses based on what I’m seeing out there, and I’d be happy to hear from those who have additional trends of their own. You can also read all about it here and here.
Hackers are getting better tools
This one will increase the frequency of attacks, based on several factors:
- Automation will let good hackers move faster
- Less skilled hackers will now be able to use more sophisticated attacks
- Lesser-known sites will see more “random” attacks, as the tools scan for vulnerabilities rather than hackers targeting specific companies and finding a way in
More attacks will be based on outsiders turned insider
As perimeter defenses improve, most companies continue to neglect the risk of the privileged insider. So the easy money may go to alternative ways of getting insider access: bribery and even extortion come to mind, but so does getting hired as a consultant or even an employee, mainly to get at the data.
I also put drive-by malware attacks in this category, as the unsuspecting user simply browsing a site lets malware in that attacks from the inside.
Organizations will focus on minimizing surface area of attack
The less content you have, the easier it is to lock it down. Just as the e-Discovery era brought about email retention policies, we’re beginning to see people deleting sensitive records as soon as they are no longer needed, reducing the information at risk. At the same time, tools like tokenization will limit the number of databases holding the actual sensitive values to just one, while the applications store only pointers (tokens). By securing that one live repository (I’d recommend Sentrigo for this, of course!), you’re protected.
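To make the tokenization idea concrete, here is an added illustration (my own example code, not Sentrigo’s or any product’s implementation). It assumes a single “vault” class as the one live repository, an application order table that stores only opaque tokens plus the last four digits for display, and a hypothetical “settlement” role as the only caller allowed to detokenize; the card numbers are constructed test values.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """The single live repository: the only place real values are stored.

    Tokens are random and carry no information about the value they stand for,
    so a copy of the application database alone reveals nothing sensitive.
    """

    def __init__(self, index_key: bytes):
        self._store = {}            # token -> plaintext value (the data to protect)
        self._index = {}            # HMAC(value) -> token, so a repeated value reuses its token
        self._index_key = index_key  # secret key for the lookup index, kept with the vault

    def _fingerprint(self, value: str) -> str:
        # Keyed hash so the index itself does not leak the values it indexes.
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        fp = self._fingerprint(value)
        if fp in self._index:
            return self._index[fp]
        token = "tok_" + secrets.token_hex(16)  # random opaque token
        self._store[token] = value
        self._index[fp] = token
        return token

    def detokenize(self, token: str, role: str) -> str:
        # Hypothetical role check: only the settlement process may see real values.
        if role != "settlement":
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._store[token]

    def record_count(self) -> int:
        return len(self._store)


class OrderDatabase:
    """Application-side store: holds pointers (tokens), never the card number."""

    def __init__(self, vault: TokenVault):
        self.vault = vault
        self.rows = {}

    def insert_order(self, order_id: str, customer: str, card_number: str) -> None:
        self.rows[order_id] = {
            "customer": customer,
            "card_token": self.vault.tokenize(card_number),
            "last4": card_number[-4:],  # display fragment only
        }

    def plaintext_present(self, value: str) -> bool:
        """Leak check: does the full value appear anywhere in the app database?"""
        return any(value in str(field) for row in self.rows.values() for field in row.values())


def demo():
    """Build a vault and an order table with constructed sample card numbers."""
    vault = TokenVault(index_key=secrets.token_bytes(32))
    orders = OrderDatabase(vault)
    orders.insert_order("o-1", "alice", "4111111111111111")
    orders.insert_order("o-2", "alice", "4111111111111111")  # same card, same token
    orders.insert_order("o-3", "bob", "5555555555554444")
    return vault, orders


if __name__ == "__main__":
    vault, orders = demo()
    print("plaintext in app DB:", orders.plaintext_present("4111111111111111"))
    print("distinct values held by the vault:", vault.record_count())
```

The point of the design is that the application database can be backed up, replicated and queried by developers without ever containing a card number; the vault is the single repository whose access (here, the “settlement” role) is worth monitoring closely.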
Databases finally make it to the cloud
There’s been much noise about the cloud, but so far I haven’t seen many customers putting business critical apps, with sensitive data, in the cloud. One reason has certainly been concern about data security (and compliance). With solutions like Hedgehog, you can deploy a small sensor that gets installed whenever and wherever the cloud provider puts your database, and it is just as secure as in your own datacenter. And you can monitor the admins at the provider as well. As companies get comfortable with these technologies, critical databases will move to the cloud.
Compliance will remain a “bare minimum” effort
Not so much a new trend, but I expect in the continuing difficult economy, we will still see most companies investing the least amount possible to comply with regulations, rather than taking an approach of what they consider best practices to secure data. Thus, we’ll still see breaches of “compliant” companies, and as a result there will be pressure on auditors to enforce more strictly, and pressure on regulators to update standards to fill commonly exploited gaps. To stay on top of this, flexibility will be required.
So, here they are. I’d love to hear your thoughts…
Compliance is meant to kick laggards into action and raise their performance to a minimum acceptable level. Of course it will remain a “bare minimum”. Regulatory requirements are aimed at those who likely would do nothing without the threat of fines.
==
Totally agree that databases in the cloud will be a trend. Not to tweak the Hedgehog’s tail … but does this mean Hedgehog will support MySQL? I did not see that listed on the web site.
Hi Adrian, thanks for the comment.
I’ve seen the rare occasion where the compliance efforts kicked off a well-thought-out and broad security project going well above and beyond the requirements, but indeed the norm is doing only the “bare minimum”.
Regarding Hedgehog and MySQL – Hedgehog will fully support MySQL in 2010.
I will give my view about the first point: ‘hackers having better tools’.
I think that we must introduce into the reasoning that there are new tools and startups emerging that try to cover the pen test and software testing procedure (black, white, grey box). These tools may have prices that go from very expensive to ‘feasible’.
So: I agree that hackers are going to have better tools, but companies have access to better protection tools too. We will need to see in the next months whether the sites that really get hacked are the ones that decide to introduce new tools, or just the ones that stay ‘quiet’, keeping the current status quo.
Thanks
Another topic that I think will grow (in terms of the number of vulnerabilities) will be related to ‘virtualization’.
I’m not sure, yet, about how this will impact environments with DBs running on virtual environments.
If you read the theory, it seems that ‘all will run smoothly’ in virtual mode. Just a number of machines over a minimum of boxes.
But I’m not sure. I would like to see numbers related to really productive sites, critical data and companies running virtualized, AND the number of attacks and vulnerabilities.
I know that this is just my opinion, and opinions without numbers are nothing.
But….
Thanks