1. Security gets embedded into all core development
2017 is the year of embedding security into your applications. So much so that we’ll stop caring about classifying issues that happen to applications as security, operations or performance. Security must be embedded directly into the app to support agile, cloud and DevOps. We’ll start caring more about how fast we’re able to identify problems that arise, and we’ll fix them regardless of their classification.
2. Security vendors will be held more accountable
Over the last couple of years, there has been a spike in investment in security startups, leading to many undifferentiated ‘me-too’ companies. In 2017, we’ll start to see a thinning of the herd, especially in event-driven and compliance-driven security purchasing. We’re getting smarter about buying good solutions that make us safer, instead of just worrying about buying the Gartner-defined industry-leading software. The security vendor industry will finally be held to standards of detection quality. The biggest shake-up will not come on the buying side, but in the security vendor industry itself, as vendors will have to adjust to a market that is more fickle about efficacy than ever before.
3. Application security will have its day
We have to make sure that the enterprise doesn’t overspend on the security issue du jour and leave itself vulnerable to a direct hit at the web app level. DDoS and ransomware became huge issues in 2016 — more so than in any other year. While this is a very important trend, we have to keep in mind that an overwhelming majority of compromised records still come from web application layer attacks, and will continue to do so.
4. New technologies will be battle tested
With the growth of microservices, serverless, IoT and the continued use of HTTP as the communication layer for everything, we have to actually get serious about application security. These technologies put some of the communication that used to be internal to a network, or just local on the machine, out onto the network. This is a continued growth in attack surface, and it will be exploited unless effective technologies are put into place.
5. DevOps RULES!
In 2017 DevOps will go mainstream. It has been crossing the chasm and picking up speed, but in 2017, DevOps will start being a symbol for teams with integrated skills to build, deploy and maintain applications in a continuous way. Security will be a cornerstone of that skill set. DevOps requires a reinvention of security, including a cultural change. To meet this need, security as a whole will recognize the need to integrate into DevOps to survive.
6. IoT & home automation security
Home security for Internet of Things devices will be a huge market by 2020. Right now it’s nascent, but as people implement more and more devices in the home, the security risks will continue to increase. Many interesting technologies will be born in this space in 2017 and 2018.
Please… Just please!
We will see a decline in the use of the word “cyber” (please let it be so).
Thanks for Reading
We wrote a short book on The Roadmap for DevOps and Security that outlines the 4 key areas where Security can provide value in a DevOps organization. At Signal Sciences we provide a modern approach to application security and web application firewalls that DevOps shops love. I hope you find it useful.