My view back into the future

The biggest challenge this year seems to be achieving all kinds of work remotely as on premise presence has become a challenge. Online availability is key, manual tasks can be difficult. The completely new environment we live in has of course a significant impact on trends in IT security. While cloud is slowly replacing the data centers, IT staff now also has to deal with home network security. But let’s start from the beginning…

2020 was a strange year. Looking forward, I hope we can get back to normal soon. I have never spent that much time at home and mobility has never been that limited. Hopefully, we soon will be able to meet friends and colleagues again, to have real meetings in real meeting rooms, and to enjoy the after-work beer offline again.

In terms of IT, 2020 was different as well. All of a sudden, we were stuck in our home offices. For me this was not a big deal since I have been working in a combination of field service and home office for 8 years. Therefore, I was well equipped from the start. Fortunately enough, I neither had to sit at the kitchen table, nor were children playing next to me. For many colleagues and customers that was different.

Looking back, we could have been prepared – but as usual: hindsight is easier than foresight. However, most organizations did not see it coming and were not prepared appropriately. As a firewall vendor, we saw a massive increase in support cases to assist with configuration of remote access as entire office workforces had to work from home. While laptops were out of stock, many had to use their private devices. Furthermore, the centralized IT infrastructure, such as firewalls and VPN gateways, was never designed for that scenario as most companies just had a few remote workers who connected occasionally. The networks were not designed to have everybody connecting at the same time and this became a major problem.

Now after 9 months of all kinds of lockdowns, most organizations have found solutions for the hurdles they had to face initially.

But are the new habits going to stay? Recent news about beginning vaccinations give us hope for a return to our normal lives. But many things have changed in the meantime and many of the changes are very likely going to stay. Videoconferences have obtained acceptance eventually – so, it is no longer necessary to jump on the plane for just a single meeting. Even important decisions can be discussed on the phone. It is convenient and helps to protect our environment. Nobody enjoys the 7 am flight anyways. Also, home office turned out to be a positive trend. Many people are quite surprised how efficiently one can work from home and how teams manage to stay coordinated. Surveys and analysts confirm that the number of people working from home is going to increase and - even after the pandemic - many of us will continue working from home at least a few days a week.

For the IT security industry, it means that secure connectivity between people, things, and sites is going to become increasingly important. Connectivity always comes with an attack surface. In the past years, companies have spent a lot of money on security not able to cover remote locations. Even if we have declared the perimeter to have disappeared years ago, many employees apparently were still hiding behind. In an office environment it is state of the art to inspect email and web traffic, have endpoint security and patches up-to-date, to block half of the internet, and to use company-owned equipment exclusively for business-related tasks. Unfortunately, many things work differently at home. In the worst-case scenario, privately owned and unmanaged devices are being used for business. But even if employees are equipped with laptops, there is no gateway security at home. No web filtering, IPS, Advanced Threat Protection and all the other next-generation security features that keep malicious content out of the network. Security has to get much closer to the edge device.

That is why I think we will see the following trends become more important in the future.

1.      The cloud as a data center

Most companies work in hybrid environments and only very few, mostly startups, work with cloud services only. A mix of local resources together with cloud offerings from different vendors has become normal. Up until now, the central hub was the data center and the cloud services, remote workforce, subsidiaries and so on were backhauling to the data center. But unfortunately, the data center does not scale. Scalability in a data center means more hardware, negotiations for budget, maintenance fees for several years, and all of that in economically uncertain times. Many had to realize that cloud is just more flexible. So why not focus on the cloud and make it the central hub? The data center becomes a subsidiary while people, things, and sites connect to cloud directly. For global players, the cloud can even replace their backbone network and become the common ground that connects everything together. It goes without saying that security must also be set up outside the data center.

2.      Security everywhere

While some paranoid colleagues operate more VLANs at home then midsized companies do, in most home networks the ISP modem is still the only network device. Network security does not exist there, and security is limited to the endpoint. Fortunately, most companies moved away from BYOD for good reasons. Nevertheless, security should not be tied to the location. People always work with the same kind of information, no matter if at home, in the office, in a coffee shop, or at the airport. Using zero trust network access solutions, we finally began to tie security to the person and the edge device instead of a centralized location in a data center. The control pane moves to cloud where it is always accessible. This makes it possible to restrict access to the application level instead of opening the entire network and, at the same time, specifications on the status of the device, for example requirements for endpoint security, are enforced. This is the first step towards ensuring a common security level, whether at home or in the office.

3.      Even more security

Even if all employees are equipped with company laptops, and access to company resources is secure, and everything else is taken care of, the device is still connected to a potentially insecure network. From a company’s point of view, the home network cannot be trusted at all. Even if nobody would consider the own home network as a risk, taking a closer look reveals room for improvements. The gateway usually is an ISP modem without any kind of security and the other devices in the network are potentially insecure. That could be for instance the kids’ and their friends’ mobiles, PCs and consoles maybe with one or the other copyright violation, patch levels and AV signatures are questionable. One would think highly infectious. Is this a network a company device with sensitive information should be connected to? Actually, the company device only requires the Internet connection, connections to the other devices on the network are neither necessary nor desired. Concepts from the industrial IOT environment can be easily transferred to the home office and create a secure harbor within an untrustworthy network, which then only serves as a transit network for Internet access.

4.      Digitalization

If freedom of movement is suddenly restricted, it becomes visible who has taken precautions. Remote access is key in industry and production or among machine and systems manufacturers. It is mainly about performing minor maintenance tasks remotely or from home. The potential for savings in unnecessary business trips has now been recognized. As always, the security separates the wheat from the chaff. In industrial environments, the range of available security solutions is just as large as the security levels we find there. The spectrum ranges from open dial-up connections via telephone, permanently running screen sharing sessions, all the way up to secure and modern solutions with authentication, logging, and protocol and anomaly detection. Just the availability of a remote access solution, which may have been set up “quick and dirty” this year, is not enough. These accesses will remain and will become even more important in the future which is why we will see the trend towards security continue to increase. As a result, sooner or later the cloud will replace the data center in OT environments. The change has already started.

5.      Ransomware, phishing, and other annoyances

Hardly any outlook can do without this topic, so let us have a quick glance as well. When the creators of Maze earlier this year announced that they would refrain from attacking hospitals and health facilities due to the pandemic and for the time being, this was rather shocking for me. Are we not nearly well protected enough and have to rely on the goodwill of criminal organizations? The target is to be secure enough to not to worry about it during a health crisis.

In addition, phishing attacks benefit big-time from the circumstances this year. As already mentioned, security measures at home are often less effective, and you need access to the crown jewels for a lucrative ransomware attack. Encrypted family photos are by far less profitable than spaceship blueprints. Covid-19 is an excellent hook for phishing emails; such a moving topic quickly leads to a rash click.

Both trends will not go away soon. You can only protect yourself through extensive and consecutive security measures. The cloud is taking center stage, classic data center solutions, and traditional client-2-site VPN connections will noticeably lose importance. With the increase in phishing, security awareness is also becoming more important – although awareness alone will never be good enough without technical measures.

So, let us prepare for a new year heading into the future, which will hopefully feel almost like the past but will bring many improvements.