Last week, Mary Meeker from Kleiner Perkins shared her always-anticipated Internet Trends report for 2017. While mostly centered on consumer trends, she does dedicate a section to enterprise cloud adoption, with a focus on security. She makes a few key points along with her statistical findings.
More enterprises are migrating workloads to the cloud, which should come as no surprise to anyone. More apps means more things to secure, but she found that the primary concerns of the business are moving away from data security and toward compliance. This doesn’t necessarily mean that security isn’t top of mind, but rather that companies are more interested in making sure they pass their audits. This is almost always a business imperative, where compliance allows companies to enter new verticals or regions. Where this impacts actual security is in how outdated and frankly misguided many of the controls are.
Security has to be more than just checking off boxes, which is evidenced by the rising costs of network breaches. She found that email spam and phishing volume was up 350% over a monthly average since Q1 2015, and that over 10 million identities were exposed. It’s no wonder that more high-profile breaches are making headlines than ever before.
Another interesting finding in the report is that the expectations for high-quality design and user experience within enterprise apps are starting to match those of consumer apps. As a longtime product owner with a strong attention to design, that makes me happy. It can’t just be about flashy dashboards, though; products have to be usable to have true meaning in the workplace.
You can view all 350 slides of her report here.
As you may know from prior newsletters, I ran a webinar last week to walk through the history of BeyondCorp, and how companies can achieve their own Zero Trust security architecture. For those that weren’t able to attend, I put up the archived recording, which you can access here.
Here are a few additional things that caught my eye this past week.
Strategic Technology: Security, Digital Transformation & Cloud Native [Redmonk]
As always, a remarkable piece from Fintan Ryan, this time covering the importance of security in a cloud native environment. Injecting security best practices throughout the entire software development lifecycle makes for better security posture throughout the company, not just within the select few of a security team.
APIs are 2FA’s Achilles Heel [Daniel Miessler]
Everyone can agree that 2FA is better than using passwords alone, but Miessler makes a great point here that is often overlooked - an API is an entry point into a system like any other, and securing it only with static keys is really no different than using shared passwords. When exposing APIs, take care with how access is granted.
DLP in the Cloud [Securosis]
The good folks at Securosis are back with more in-depth analysis of Data Loss Prevention in the Cloud. With more SaaS apps and IaaS resources distributed across the cloud, monitoring and protecting data becomes a greater challenge than ever before. Here Mike Rothman shares how APIs that proxy through a Cloud Access Security Broker can provide real visibility.
Man the barricades? The future of the network fortress [DXC.technology]
It’s always great to come across an article presenting Zero Trust as a better security model than traditional perimeter-based methods. Clem Coleman shares his view of the benefits, but also some of the considerations – lagging readiness amongst vendors and practitioners chief among them. While I generally agree, I also see movement in the right direction across the entire ecosystem. As with any transformative shift, building awareness will be critical to achieving success.
Orgs Can Reduce Breach Costs by 70% with Faster Detection [InfoSecurity Magazine]
We all know the potential dangers of a security breach, which only compound the longer it remains active, but it’s always helpful to have numbers to put them into context. Cutting the time to detect a breach has a significant effect on the overall cost, and placing more controls at the endpoints as opposed to the network can help identify malicious behavior.
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT