What do successful Kubernetes migration projects have in common? A clear strategy, a strong culture, and the proper resources to execute the plan. Check out this expert advice
Security 2020: 4 trends to watch
What are the key trends in the enterprise threat landscape in 2020? Here are four security issues you and your teams should focus on in the year ahead
3. Credential stuffing attempts increase
Pott from Juniper Networks predicts that the practice of credential stuffing – think of it as a hacker’s version of using automation to scale their operations – will be increasingly used to attack the vast number of cloud service provider accounts as a means of breaching a larger enterprise, especially those platforms under the broad umbrella of public cloud.
“As 2019 comes to a close, credential stuffing attacks are on the rise,” Pott says. “This is unsurprising as the number of credentials compromised every year increases and new records are regularly set for the size and scale of various data breaches.”
It’s another instance of “the larger the user base, the richer the target,” and Pott thinks it could lead to “the year of the cloudy compromise.”
“In the new year and beyond, security professionals would be wise to pay close attention to Software as a Service (SaaS) applications and Infrastructure as a Service (IaaS) accounts, especially those at major cloud providers,” Pott says. “Even after decades of warnings, people still reuse credentials all over the internet. Multi-factor authentication will be the best defense but remains somewhat niche in terms of real-world use.”
4. Endpoint security challenges: You ain’t seen nothin’ yet
Just as the traditional network perimeter is blurring to the point of invisibility, so too is the way we think about “endpoints.” Endpoint security used to mean protecting your users’ laptops and phones. Now it might mean securing a refrigerator, doorbell, or any of a vast number of other connected devices commonly referred to as the Internet of Things, or IoT.
“In the drive to be more efficient, greener, and responsive to market changes, [businesses are under] pressure to take advantage of IoT and industrial IoT to make this happen,” says Laurence Pitt, global security strategy director at Juniper Networks. “The bigger challenge comes from these swaths of other IoT [devices] being connected to corporate networks, where adoption often happens at the speed of business and security struggles to keep up. Many of these do not have security built-in at the device level, and so security needs to be considered as part of the overarching network posture.”
While IoT might already sound old, its security implications are really still in their beginning stages. “As new IoT is rolled out and security teams struggle to keep up with updates and patches, there will be more opportunities for criminals to abuse this vector and gain access,” Pitt says.
[ Learn the do’s and don’ts of cloud migration: Get the free eBook, Hybrid Cloud for Dummies. ]