David Coallier, Barricade: Huge year for cloud security. More companies are beco-ming aware that "the cloud" is not a silver bullet but also not completely insecure.
Tools who are born on the cloud will prevail as it is clear that incumbents who are retroactively adapting their tools for cloud products are simply not good at it.
The pricing models for the security indu-stry, which has traditionally been contract -based, has to change to reflect how peo-ple use the cloud. The SaaS model for se-curity will grow.
Paul Hoffman, Logical Operations: More security controls.
Andrew Bagrin, My Digital Shield: Security in the cloud and securing the cloud are two different things. I believe there will be a much bigger move to providing security in the cloud (pre-scrubbing).
Julie Herold, Kenny Herold, Odin’s Eye:
We think technologies like Chef, Puppet, Ansible, SaltStack and Docker will be tar-geted by attackers to proliferate back-doors, misconfigurations with the inten-tion of abuse, and malware. Of course, this would also include any other patch management, centralized security ap-pliances/solutions etc.
Stephan Conradin: With cloud we delega-te our security without strong controls.
Sooner or later, there will be a serious incident.
Dennis Chow, Millar, Inc: Many more ven-dors and startups coming to complement access controls and data discovery/data control.
Mitchell Bezzina, Guidance Software: Lar-ge Cloud Vendors will be forced to make virtual machines of computer systems available to security teams for incident response investigations in response to new data breach notification regulations.
Without access to full machines, response teams are limited in their ability to acqui-re all data quickly, this may also affect SaaS providers and will likely lead to in-strumental case between a breached or-ganization and its cloud provider.
Rick Blaisdell: Cloud security will increase in scale, and decrease in complexity. In 2016, we’ll see cloud security evolve into simpler, virtualized controls and solutions that will have embedded security proces-ses to help map current IT systems. Heavy protective layers that have difficulty sca-ling in the cloud will stay behind, and next year will have lighter, scalable cloud secu-rity solutions.
A REAS OF SECURITY
What are your predictions
for cloud security in 2016?
Craig McDonald, MailGuard: 2016 will be the first year cloud services will be chosen because of their enhanced security. Peo-ple are at risk of physical harm as next-generation technologies are targeted. Cy-ber attackers will fund unpatched vulnera-bilities in smart-connected home devices as a way to stage a full-blown attack. The-re aThe-re no signs of a wide scale attack co-ming but this scenario is highly probable.
Attacks on next generation payment met-hods – from EMV credit cards to mobile wallets – will increase. Mobile malware is expected to grow exponentially with much of this originating in China. Hack-tivists will use data breaches to systemati-cally destroy their targets. Businesses will also fall for elaborate tricks that use new social engineering lures. Expect a big in-crease in ploys that persuade employees to transfer money to cybercriminal-controlled bank accounts. Their first step is to become familiar with the target’s ongoing business activities, so their mali-cious schemes are camouflage. This is ty-pically done by intercepting communica-tions between business partners.
Irfan Shakeel, EH Academy: Cloud security will face new challenges; hackers are mo-re likely to exploit the human vulnerabili-ties. Organizations have to invest in trai-ning programs; the certification providers will also create the cloud specific certifica-te and training to capture the market ne-ed. Over all, the business will grow.
David Clarke, VCiso: Cloud availability and a minimum of dual (maybe internet and private) connectivity. Cloud services will help mitigate skills shortage in cyber secu-rity.
A REAS OF SECURITY
What are your predictions
for cloud security in 2016?
W HO IS
WHO
Julie Herold Odin’s Eye
Senior Security Consultant
Strong eleven year development background for a Fortune 10 Cybersecu-rity Intelligence, Digital Forensics, and Incident Response firm. Ondrej also leads the Digital premier identity theft recovery and data range of investigations, including data breached through computer intrusions, theft of intellectual pro-perty, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking. Ondrej’s experience also includes advanced network penetration testing - using various tools and technologies, database security testing, physical security assessments, logical security audits, wireless network penetration testing, and provi-ding recommendations for operational efficiency of approaches.
Alina Stancu
TitaniaMarketing Coordinator
She is Marketing Coordinator at Titania and has spent the past two years, learning, talking and writing about information security. She is also a contributor to The Analogies Project.
anti-virus working for a Fortune 10 company at a global scale as well as 2 years of general application security background and 5 years of penetration testing in aforementio-ned company and an additional 2 years of penetration testing for Odin’s Eye, LLC.
Chase Cunningham, Cynja: Startups will continue to be the real infosec innovators.
I predict large companies will pick up their pace of acquisition of these smaller firms.
From where I sit, the large companies aren’t concerned or even working to-wards much innovation in the space as it is cheaper to simply buy the little guys out. This “trend” is basically leading to the establishment of a market wherein anyo-ne can start a company, come up with happen, the question is if big cyber corps will start to get more pressure to think dynamically like start-ups do.
Wade Johansen, CouriTech LLC: Startups will be less of an influence in 2016 as the market becomes more global, they just don’t have the capability of tapping worldwide systems for the intelligence gathering in an increasingly hostile envi-ronment.
Elizabeth Houser, Praesidio: Startups. Lar-ger cybersecurity corporations don’t offer the agility or innovation that startups bring to table.
Irfan Shakeel, EH Academy: 2016 will be-long to the start-ups of the infosec com-panies. Startups will focus on vulnerability research, threat intelligence & monitoring tools. The infosec service sector will likely to grow, as more organizations are loo-king for services.
Leon Kuperman, Zenedge: Disruptive Star-tups.
Einaras Gravrock, Cujo: The tide’s going to be growing for all types of companies.
New sectors within cyber security will cre-ate new giants from startups. Overall, this is growing so fast… with such a huge de-mand for products and sectors within cy-ber security the space will continue boo-ming in 2016 and beyond.
Mark Bennet, Blustor: In 2016, the growth of IoT, increased public awareness of cy-ber security issues, and the global expan-sion of Internet access will provide tre-mendous opportunities for cyber security start-ups. As typical of most industries, disruptive innovation is largely driven by small start-ups. We will see continued innovation in the cyber security space as well as consolidation as larger companies acquire start-ups with promising techno-logy.