IT Vortex - Managed IT Services

Security, Protection and Privacy: 2020 and Beyond

My predictions for 2020? Here’s the short form:

Bad people will attempt to do bad things with increasing sophistication and scale.

Good people will continue to fight the good fight, often with limited tools and resources.

We will see improvements in tools for protection, detection and response—maybe even some tools that work well with one another.

The C-suite will pay greater attention to privacy and security in an effort to keep shareholder value rising. New regulatory and client pressures may help security teams get the resources they need. We may even see security and privacy become a critical part of the DevOps process.

Combating Burnout in the SOC with Better Tools

Security Operations Center (SOC) teams are burned out with:

  • False positives.
  • Poorly integrated security tools.
  • Lack of visibility into all the relevant data across the enterprise.

Poorly resourced SOC teams are forced to respond to alerts based on off-the-shelf detector settings and signatures that often are irrelevant or completely miss the bad actor. When they respond, they’re often challenged to manually connect the dots to determine if the threat is credible.

Vendors are responding to this crisis in the SOC with tools for security orchestration, automation and response (SOAR). We can expect to see further developments in 2020. SOC engineers working with machine learning can train smart systems to identify normal, legitimate behavior, even as the environment changes.

Systems will automatically string together network, system and application logs to present a story for analysis, rather than an alert on a single anomalous log entry. This means there will be significantly fewer false positive alerts and a much clearer story for SOC analysts to review at first look. As part of a SOAR system, these alerts can also recommend or enact changes in controls to mitigate risks.
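The correlation idea described above, as an added example that is not from the original article or any vendor's product: anomalous entries from network, system and application logs are grouped per host into time-bounded clusters, and a story is raised only when more than one log source corroborates it. The events, host names and the `build_stories` function are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): one anomalous entry per line,
# as separate network, system and application detectors might flag them.
EVENTS = [
    ("2020-01-14T09:02:11", "network",     "ws-17", "outbound connection to rare destination"),
    ("2020-01-14T09:03:40", "system",      "ws-17", "new local admin account created"),
    ("2020-01-14T09:05:02", "application", "ws-17", "bulk export from document store"),
    ("2020-01-14T09:30:00", "system",      "db-02", "service restarted outside change window"),
    ("2020-01-14T13:45:19", "network",     "ws-17", "outbound connection to rare destination"),
]

def build_stories(events, window=timedelta(minutes=10), min_sources=2):
    """Cluster anomalous entries per host (each within `window` of the previous
    one) and keep only clusters seen by at least `min_sources` log sources."""
    by_host = defaultdict(list)
    for ts, source, host, msg in events:
        by_host[host].append((datetime.fromisoformat(ts), source, msg))

    stories = []
    for host, entries in by_host.items():
        entries.sort()
        cluster = [entries[0]]
        for entry in entries[1:] + [None]:          # None flushes the last cluster
            if entry is not None and entry[0] - cluster[-1][0] <= window:
                cluster.append(entry)
                continue
            sources = {src for _, src, _ in cluster}
            if len(sources) >= min_sources:         # single-source clusters are not alerted
                stories.append({
                    "host": host,
                    "sources": sorted(sources),
                    "timeline": [f"{t:%H:%M:%S} [{s}] {m}" for t, s, m in cluster],
                })
            if entry is not None:
                cluster = [entry]
    return stories

if __name__ == "__main__":
    for story in build_stories(EVENTS):
        print(story["host"], "corroborated by", ", ".join(story["sources"]))
        for line in story["timeline"]:
            print("  ", line)
```

With the sample data, five single-entry alerts collapse into one three-source story for one host; the isolated entries are held back rather than paged to an analyst.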

Ransomware Gets Scarier and Teams Respond

Infosec professionals used to talk about Advanced Persistent Threats (APTs) as rare but serious threats. APTs were “advanced” because only major criminal enterprises or governments could create them. They were “persistent” because they would linger quietly in the network, gathering intel and silently pivoting from host to host as they gathered administrative credentials and gained control. Because of the level of sophistication, APTs were either:

A: Only threats for major enterprises or institutions; or

B: Beyond the capability of smaller organizations to detect or deter.

APTs are rarely mentioned anymore, because such threats have become commonplace—not just from governments, but also from online marketplaces that anyone can use with just a few Bitcoin.

Ransomware began as an unsophisticated but highly effective tool for extortion. It was easier for victims to pay the ransom than it was to recover files from backups. In 2019, as more firms and municipalities announced they were victims of ransomware attacks, word spread that teams must have effective backups as part of their threat management programs.

Ransomware developers responded with new variants that have all the capabilities of APTs, stealthily moving into networks, gathering intel, and gaining admin access. But now, they go beyond encryption to actually exposing data if the ransom is not paid. Future variants will be ever more advanced (and persistent).

Enterprises must work on comprehensive strategies to mitigate these kinds of risks and plan for their response in case the threat is realized. This is a cross-team effort involving legal, IT, security, privacy, corporate communications and the C-suite, along with advancements in things like SOAR.

The Internet of Things Gets Bigger and More Frightening

The rollout of 5G promises a vastly more connected world with a huge proliferation of Internet of Things (IoT) devices. Within the enterprise, we’ve already seen this proliferation. Everything from cameras to sensors and coffee pots is connected to our corporate networks. In addition, employees now carry a vast number of personal connected devices. These things present serious risks to our networks (and our own personal privacy), as they are poorly supported and rarely secure.

Consider the problem with most IoT devices.

They’re typically manufactured from a variety of sources with minimum expense. When vulnerabilities are discovered, they often can’t be fixed because:

  • The devices lack the capability to be patched; or
  • The faulty component is manufactured by a sub-sub-sub-contractor who feels no obligation to provide a firmware update.

In the second case, it may not be cost-effective for the contractor, or they might be in a different country and not subject to legal or contractual obligation.

Legislators are starting to respond. In California, the IoT Law (CA SB 327) went into effect January 1. In the UK, there is a voluntary code of practice for IoT devices. In the U.S., the National Institute of Standards and Technology (NIST) released a series of publications on security and privacy for IoT devices:

In 2020, we can expect to see vendors respond and improve the security of IoT devices, but this will be a slow process. In the meantime, security and network teams must understand and respond to the unique risks that IoT devices present. (See NISTIR 8228, “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.”)

Privacy Is a Big Deal

U.S. state and federal legislators will watch carefully as California, Nevada and Maine begin to enforce their new state privacy laws. Representatives continue to haggle over a federal privacy law. There are still a number of thorny issues to resolve, including:

  • A right of private action.
  • Whether the federal law preempts state laws.
  • How enforcement will be funded.

Watch for a proliferation of proposed state laws, many likely based on the California Consumer Privacy Act (CCPA) or the EU’s General Data Protection Regulation (GDPR), as well as solid progress on a U.S. federal law in 2020. Both existing and proposed laws have a real impact on IT and security operations, including:

  • Specific types of data to protect, typically defining “covered data” and “sensitive covered data.”
  • Allowed or prohibited actions on the different types of covered data, typically including limiting processing to only those activities specifically defined at the point of collection.
  • Specific rights for individuals whose data your business is managing, potentially including:
    • The right to know what data you have or share.
    • The right to move or copy their data to another entity (“data portability”).
    • The right to correct data.
    • The right to restrict or stop the use or sale of their data.
    • The right to have their data deleted.
  • Requirements for risk assessments.
  • Requirements for security and/or privacy executive leadership.
  • Your responsibility for ensuring the same data protection and control at all of your suppliers and service providers, all the way down.

Security and Privacy Meet DevOps

There was a rash of articles in 2019 on how best to integrate security into DevOps. Do we embrace DevSecOps or NetSecOps? And how does privacy fit in?

At some point, we need to stop stapling additional three-letter codes on our job descriptions. Instead, we must realize that true continuous delivery means that security, privacy and compliance are core product features that cannot be ignored and must work properly with every product update. “Security by Design” and “Privacy by Design” must be incorporated as fundamental principles.

Regulated entities and those subject to GDPR already understand that these concepts are important. As more states, regulators and clients demand security and privacy, more firms will embrace DevNetSecPriCompliOps or face regulatory fines and lost clients.

DevOps teams must continue to innovate quickly, which means employing best-of-breed solutions from third-party sources. Many (most?) of these third-party sources don’t have the same regulatory or legal requirements for security and privacy. This means that firms must not just manage security and privacy within their own code, networks and containers. They must also realize that they employ third-party elements where they lack the same control.

Firms must instead use tools like zero trust, micro-segmentation and effective monitoring to protect their environments and data. Security and infrastructure vendors understand this, and there will be continued innovation and consolidation.

What Are Your Security Predictions for 2020 and Beyond?

In 2020, bad people will continue to do bad things with increasing sophistication and scale. And good people will continue to fight the good fight. My hope is that, in 2020, the good folks will have tools, resources and laws to help tilt the scales in their favor. What do you think?

Written by: Matthew Todd
