Prediction: “By 2020, 80% of new deals for cloud-based cloud-access security brokers (CASB) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.”
Vendors of traditional network security products such as firewalls, SWGs and WAFs want to be in on their customers protecting their SaaS applications, which is effectively accomplished via CASBs, he says. Businesses should evaluate whether CASB services are warranted based on their plans for application deployment, and should consider offers by their current vendors of these traditional technologies, he says.
Identity and Access Management
Prediction: “By 2019, 40% of identity as a service (IDaaS) implementations will replace on-premises IAM implementations, up from 10% today.”
This increase in use of IDaaS will in part stem from the difficulty and expense of running on-premises IAM infrastructure, and the growing use of other something-as-a-service offerings will make the decision more comfortable. The ongoing introduction of more and more Web and mobile applications will create a natural opportunity for the transition from in-house IAM to IDaaS, he says.
Prediction: “By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.”
With the cost and accuracy of biometrics, they become a good option for continuously authenticating. In combination with use-r and entity-behavior analysis, this technology can make a difference when applied to cases that call for a medium level of trust, Perkins says.
Security for the internet of things (IoT)
Prediction: “Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.”
IoT devices are still being made without much consideration being given to security, and yet some are located in networks so that, if exploited, they could expose networks to harm and data to breaches, Perkins says. Businesses need a framework for determining the risks each IoT device type represents and the appropriate controls for dealing with them.
Prediction: “By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.”
Since security pros won’t be able to determine the importance that IoT devices represent to the organization, the business unit that uses them should determine what risk they represent. Security pros should set aside 5% to 10% of IT security spending for monitoring and protecting these devices as needed, he says.
Sign up for Computerworld eNewsletters.