As we approach the end of the year, it’s time to think about the obligatory list of predictions for the year ahead. While some of these predictions seem like no-brainers, others are a bit more of a speculative reach. That said, sometimes the speculative reaches end up being dead on even if it takes a while. For example, in 1968, Arthur C. Clarke, in the novel 2001, a Space Odyssey, wrote of something that sounds incredibly like an iPad called a Newspad:
“When he had tired of official reports, memoranda and minutes, he would plug his . . . Newspad into the ship’s information circuit and scan the latest reports from Earth. One by one, he would conjure up the world’s major electronic papers . . . Each had its own two-digit reference. When he punched that, a postage-sized rectangle would expand till it neatly filled the screen and he could read it with comfort. When he finished he could flash back to the complete page and select a new subject for detailed examination . . . one could spend an entire lifetime doing nothing but absorbing the ever-changing flow of information from the news satellites.”
So, emboldened by Arthur C. Clarke hitting one out of the park almost 50 years ago, on to the predictions.
2016 will be the Year of Encryption – there is a lot of voodoo wrapped up in the security space, but the reality of it is that much depends not upon voodoo but rather simple, fundamental things like good passwords and, in this case, encryption. Arguably every year should be the year of encryption, but we have seen enough avoidable damage from a lack of encryption (see TalkTalk shares tank 11% on fears that customer compensation bill could wipe out profits and “I am surprised….no encryption has been used”) this year that the responsible adults in charge will start to insist upon encryption being a fundamental part of the overall storage/security strategy. The end of US/EU Safe Harbor will also help push encryption as part of a data privacy mechanism
Physical servers will join the endangered species list – sure we all know it’s not turtles all the way down and that eventually there needs to be some sort of hardware for all this cloud to run on, but the average IT worker will have less and less to do with physical servers and will be working almost exclusively with VMs in those cases where this is not the case already.
And then there were Three – speaking of consolidation I expect to see further consolidation of the public cloud market with additional exists similar to the recent passing of HP’s Helion public cloud. Three is probably about the right number of public cloud providers, leaving Amazon, Microsoft and one other major player standing once the music stops.
Hyperconverged Infrastructure will be an increasingly popular place to keep your stacks of turtles. As mentioned above, those turtles do need to exist somewhere and it is going to be not just compute being virtualized, but also storage and increasingly via technologies like VMware NSX, network. The industry will also be moving more towards the rack as a unit of converged computing rather than single appliances and preconfigured solutions like Vblock will replace the more traditional approach of where IT groups rolled their own racks from best of breed components.
SDN and SDDC go Mainstream – while both the Software Defined Network and the Software Defined Data Center have been around for a few years, in 2016 we expect to see them increasingly show up not just with the web/hyperscale players that they have already gained widespread acceptance with, but also in enterprises and even to an extent the midmarket. The same drivers, namely lower cost and greater agility in the data center, that are working for convergence and against old school physical servers are behind SDN and SDDC.
Containers to remain shiny new object – the next step in the evolution of virtualization, containers, will remain shiny, much like SDN a couple years back. The benefits and savings are obvious, a fact which combined with the siren-like allure of the new and shiny will encourage both major players and startups to keep driving innovation and new solutions in this space. As the maturation of containers continues to recapitulate the evolution of virtualization one would expect to see many of the security issues inherent with the approach addressed not only by the likes of Docker but also by a number of third parties as we have seen with virtualization. There is a lot of interesting work to be done on this front.
Internet of Attack Surface – as more and more objects come to join the internet of things, the world will be increasingly exposed to just how ghastly and ugly things can get when you have old opensource with well known documented vulnerabilities going unpatched for long periods of time. We have internet connected lightbulbs but few who want to manage the updating of such things, including in many cases manufacturers who are new to security who may be much more focused on being able to deliver on the promise of connectivity than they are focused on security, particularly when greater security could generate more returns or higher support costs.
Automotive Hacking – when a hacker changes some numbers in a data base somewhere, it is one thing. When a hacker pitches your car into a spin on the highway by ordering full ABS stop on the left side and no brakes on the right it is considerably more exciting. Look for everything from theft via compromised key fob codes to various kinds of hacks involving car LTE and wifi networks. Any time a new industry adds significant compute a whole generation or two usually end up suffering a variety of vulnerability as a new industry learns by painful experience that security by obscurity is not secure at all and that things like onboard OBD and CAN bus networks need to be locked down. One can imagine Bluetooth, wifi and even TPS systems opening up back doors to stack overflow and other attacks.
More Breaches, More Awareness – expect to see the number of major breaches continue to rise. As awareness of the cost and impact of these breaches spreads, the value that organizations place on security and compliance knowledge at the Board and C-level will increase as well. We urge organizations to remember that compliance is not security and that addressing even basics like encrypting everything can go a long way toward either reducing the chances of a breach or the impact of one should it happen.
Anyway, those are our predictions for 2016 and they involve a mix of old and new. Interestingly much can be done to enhance your security posture simply by taking care of the basics, particularly things like properly managing accounts, using good passwords and encrypting everything that you care about.
So be it a Merry Christmas, Happy Hanukkah, Joyful Kwanza or even a Festivus for the Rest of Us, regardless of the holidays that you observe, may they be warm, happy and secure.
Now, Siri, open the pod bay doors.