Current security controls will need to be re-defined based on how we protect the enterprise with two primary considerations: containerized and virtualized environments according to CIO and CISO of Risk Management Solutions (RMS) Dave Ruedger.
Looking towards the future, there should be numerous endpoint solutions with protective controls, and network security could be very locked down with defined vendors. Furthermore, threat intelligence should generally support “on-network” environments that feed data to a SIEM to augment endpoint and network data.
Areas that are relatively formative and represent large-scale risk are cloud environments and containerized environments.
Many medium and large organizations dedicate significant resources to vulnerability management to harden the baseline image, the application stack, and SaaS web application security controls. However, the container environment, by its nature, is part of a larger hosting environment that presents two levels of configuration risk, one at the server level and another at the container level.
Even with some automation, it currently takes a lot of manpower and time to understand what is normal within the container environment, and what is a misconfiguration or a potential zero-day attack.
While there is not necessarily evidence yet of an increase in targeting container environments, attackers are starting to look at ways to exploit the topology itself. If attackers know what takes place in the DevOps automation process, they can cause a lot of problems in production, especially for companies that have a need for constant up time in their business models.
Ruedger recommends security teams adopt an insider threat approach to manage the risk of malicious actions within these containerized environments.
A lot of organizations are thinking about what it means to be “on network” and shifting to a cloud-first model, which requires a re-evaluation of security controls.
Many tech companies are going to models where authenticated users that use authenticated apps and take advantage of zero trust security control models where they may not even need services like a VPN.
Another option would be to implement a VDI approach using virtualized environments. If these virtualized environments are configured appropriately with established controls in place, they provide more flexibility, while maintaining the security posture.