Black Hat 2017: Disruption in the Wind

Such blogs typically offer 3 or 4 takeaways from seminal industry events; I have one from Black Hat 2017—disruption of core cybersecurity markets is in the air.

In the land of endpoints, “next-gen” antivirus (AV) vendors are running a Trojan horse play by positioning their controls as complementary to incumbent endpoint protection platforms (EPPs) while readying their own such suites as the virtual army to exit said horse to displace those incumbents. This strategy was fueled by the epidemic levels of ransomware in 2016 that exposed the (in)efficacy of the then-current versions of established AV and EPP products, busting open the fort gate. With this dynamic now in the foreground, another such disruption is rapidly approaching from the now not so distant horizon.

There’s nothing like a meta-trend to be the catalyst to disrupt established markets, as has been the case with cloud computing and enterprise IT, not to mention the travel, hospitality, and entertainment markets. While conservative CIOs and security pros have tried to hold the cloud gate shut, business units have been doing an end-run to not only a multitude of unsanctioned SaaS apps, but also multiple IaaS platforms. Amazon Web Services (AWS) was often the destination of choice for such end-runs, and while organizations continue to consume a variety of AWS services, including the AWS CloudFront CDN for web apps, many are now pursuing a best-fit approach to their use of public clouds. Microsoft Azure, for example, is often employed for Active Directory, Windows virtual machines, and MySQL, with Google Cloud Platform (GCP) attractive for compute-intensive workloads such as those required to support data analytics use cases.

Such best-fit matching of requirements to cloud is resulting in the multi-cloud aspect of what constitutes a hybrid cloud. In fact, according to research conducted by ESG, three-quarters of participating organizations who are consuming IaaS services are doing so from more than one cloud service provider (CSP). Micro-services and the containerization of apps are another fast-approaching feature on the horizon contributing to the multidimensionality of hybrid clouds.

All this is leaving the gatekeepers not only pondering how they lost control, but also, in an attempt to catch up, asking “Where are the AWS/Azure/GCP span and tap ports so I can plug in my physical firewall, malware detection sandbox, IDS/IPS appliance, secure web gateway, et al.?!” And therein lies the disruption: Software-defined, API-driven, multidimensional hybrid clouds beg for a like-minded set of security controls, those that are of a software form factor, cloud-delivered as-a-service, and more architected with APIs and tags in mind to enable connectivity and adaptability versus driving users to a single pane of glass.

It's not that the physical perimeter and the physical controls that protect it go away—their role and how they coexist in the new world order, however, is about to be fundamentally disrupted. This is the basis for a new market research study ESG will be conducting—how multidimensional hybrid clouds are impacting cybersecurity priorities. Or maybe I spent too much time in the heat of the desert at Black Hat watching attendees of PetZoo, including tie-dyed standard poodles, mingle with the cybersecurity community at large. But I don’t think so—disruption is in the wind both in the foreground and on the visible horizon.

