2023 was a whirlwind in the security world — from new SEC disclosure rules taking effect, to charges being lodged against SolarWinds and its CISO, to the MOVEit breach — said to be one of the largest hacks (so far) in history.

But it’s a new year that will undoubtedly usher in new cybersecurity developments (both positive and negative for defenders) — particularly as generative artificial intelligence (genAI) evolves at an increasingly rapid pace.

So what does 2024 have in store for security? Leaders from Trend Micro and AWS share predictions for the coming year and beyond.

Merging of the SOC and cloud security teams

As enterprises have increasingly — and rapidly — adopted the cloud, they have often set up specialized cloud teams to get up to speed and derive value from the investment.

“When cloud is new, the real value it gives you is elasticity, flexibility; all surrounding development infrastructure,” said Mike Milner, VP of cloud technology at Trend Micro.

However, the cloud is different from traditional IT environments, thus requiring new skill sets, he noted. This has often led enterprises to seek out cloud specialists. But as these departments mature, “there becomes a little more of a cloud silo. From a security perspective, that’s not great,” said Milner.

To combat this trend, enterprises are integrating their cloud teams across the organization — including, and especially, in the security operations centers (SOCs).

“In a sense, now the cloud is more mainstream, it’s core to a lot of businesses,” said Milner. “It can’t be something separate.”

In fact, Trend Micro has predicted that SOCs and departments of the CISO at larger enterprises will absorb cloud security by 2026. As Milner explained, the work cloud security teams do is critical to business and IT operations and their foundational practices will help the SOC increase efficiencies.

“A big part of it is capability maturity,” he said. “It’s taking a while for SOC teams to become broadly capable in handling cloud issues.”

Matt Yanchyshyn, GM of marketplace and partner engineering at AWS, agreed that “what used to be discrete teams of cloud and security are heavily overlaid. The SOC and the CISO must be plugged into the cloud to consume that data and process it.”

Security at the app level, secure by design

Another “mega trend” is security at the app level, according to Yanchyshyn. Instead of thinking about point services or products, enterprises are focusing more on risk when it comes to business apps.

As opposed to the flat networks of the past, now the talk is about “cloud landscapes” and “big sets, pools of applications you see across the enterprise,” said Yanchyshyn.

This means enterprises must evolve the way they design networks and practice “secure by design” — that is, incorporating secure practices from the get-go, he said.

Clearly, companies are at different stages of cloud adoption, Yanchyshyn pointed out, and some organizations have been good about securing from the start, while others have been a little less cloud-aware and adept.

“As organizations are moving into the cloud, there’s more emphasis on what happens before anything’s even running, getting ahead of it,” he said.

But as this trend evolves, defenders can’t neglect the basics, Milner cautioned.

“We can’t forget about the things that are still a problem,” he said. “Misconfigurations are still a problem. Permission management is still a problem.”

AI as a double-edged security sword

Of course, there’s no enterprise discussion going on right now that doesn’t include genAI — including its burgeoning use in (and against) security.

“Any technology like genAI that causes big disruptions for gain, for good, could potentially be used for malicious reasons as well,” Milner noted.

On the organization side, AI can help “assist and scale defenders” through extract, transform and load (ETL) analytics and auto remediation. GenAI can also increasingly suggest and take defensive actions.

“It’s not a trend, it’s here,” said Yanchyshyn. But “we’re just getting started. People are just starting to trust their models.”

On the other hand, threat actors will use genAI to help scale and optimize existing attacks and craft better, more targeted phishing emails.

However, the era of “attackers using genAI is still extremely early,” said Milner. “There are a lot of sensational headlines, really niche stuff. We’re not seeing any sign of groundbreaking changes that defenders need to be concerned about right now.”

Security of enterprise data is always paramount, Yanchyshyn pointed out, but now organizations are entering a new era in which they have to determine whether their AI models are secure.

Nearly every enterprise is looking at ways to incorporate genAI and large language models (LLMs) into their business, he said, but at the same time they’re “nervous about exposing sensitive information into a shared model outside of the walls of their business.”

Securing at the edge

With IoT, there’s a lot more going on at the edge and much more data to consume — and secure.

IoT and edge devices “have tons more data coming from physical spaces outside the cloud by design,” said Yanchyshyn. “There’s more analysis to do. It’s a scale challenge.”

Organizations are concerned about protecting intellectual property in devices and determining the risks of them being tampered with or abused when they can’t be monitored as closely as in the data center or the cloud, experts note.

GenAI and edge have “echoes of the big data craze: Everyone knew they needed big data, everyone was talking about big data, but it took a while for it to go from hype to productive use,” said Milner. “Edge computing is almost the inverse.”

Organizations are quickly pushing models out to areas where they don’t have much control or monitoring. This requires different security tooling than that used in data centers and the cloud, said Milner.

Notably, locking down IoT devices requires zero trust security, enabling people and devices to be anywhere while data is analyzed and secured. Still, the emerging method and mindset should be applied across the enterprise domain, said Milner.

“Zero trust is not a product, it’s not something you can just buy,” he said. “It’s really a way of working, of designing architecture, of just seeing the world.”