2016 has been an exciting year for technology, especially in the areas of cybersecurity, identity, and cloud resource management.
According to the 2017 CIO Report recently published by Piper Jaffray, the top three CIO concerns are compliance, endpoint security, and identity and access management. This is good news for OneLogin, since we participate in all three. These topics will probably become more relevant as we continue into 2017, as new technologies - and how they’re used, and legal restrictions on their use - are constantly evolving.
OneLogin partners with dozens of security-focused providers across a number of industries. We had the opportunity to get the perspectives of a number of these industry leaders, including cloud access security broker Cloudlock, multi-factor authentication provider Duo Security and enterprise file sharing service Egnyte, to understand their predictions for the new year.
Here is what they had to say.
According to CloudLock, integration is essential.
“In speaking with dozens of security executives, I consistently hear a variation of the following: ‘I have a goal to reduce our number of security vendors to twelve.’ Or ten. Or six. But why?” asks Michael Gleason, Product Marketing Manager at CloudLock, recently acquired by Cisco.
“Because less vendors means more focus, it means less overlap and conflicts in security approaches, and it definitely means less wasted hours of human capital in onboarding and managing tools.”
We’re biased, but we believe that this short list of vendors should include an Identity and Access Management vendor, ideally one that (like OneLogin) has a wide range of integrations with various applications, directories, and other parts of security infrastructure.
Michael continues, “Going into 2017, security vendors will respond accordingly. Vendors will integrate to offer platform-based, highly extensible security solutions, enabling cross-platform data correlation and incident remediation. Deeper integrations between systems organizations have already invested in will surface meaningful security incidents that may otherwise slip through the cracks, ultimately improving their security posture, at a lower cost.”
A good example of this is OneLogin’s integration with CloudLock which, among other things, enables IT to prevent a user from logging into applications if they are coming from a blacklisted country where the country doesn’t do business.
Duo expects cloud-based management to become more prevalent (and more robust.)
According to Duo Security, 62 percent of organizations who participated in The Global State of Information Security Survey 2017 from PricewaterhouseCoopers (PwC) are opting for cloud-based managed security services to provide: - Authentication - Identity and access management - Real-time monitoring and analytics - Threat intelligence
Thankfully OneLogin offers many of these capabilities. For authentication, we partner with leading MFA providers like Duo. IAM is our core business, of course. We recently launched real-time identity event streaming to popular SIEM systems like Splunk, ELK, and Sumo Logic; these events are an essential part of any threat intelligence program.
According to Thu Pham, Information Security Journalist at Duo Security, “Phishing has emerged as a significant risk across all companies and every industry. Thirty-eight percent of those surveyed reported phishing scams. Criminals will send phishing emails to employees in order to trick them into sharing their legitimate user credentials, gaining access to company systems and data.”
“Passwords alone aren’t secure enough to protect against phishing attacks. PwC reports that businesses are adopting advanced authentication, or two-factor authentication technology such as hardware and software tokens, biometrics and smartphone tokens.”
Egnyte is excited to see how cyber security develops to face new challenges.
“In 2016, a lot of companies that handle user data made headlines for the wrong reasons. Yahoo, Dyn, Dropbox and Apple were just some that suffered attacks or, in Apple’s case, had to draw a line in the sand against federal agencies. In 2017, we’re excited to see how cybersecurity bounces back. At Egnyte, our team is working on a lot of new features and entirely new offerings to step beyond just collaboration and assist our customers in smart content governance,” says Kris Lahiri, Chief Security Officer and co-founder of Egnyte.
“We’re excited about some broad trends in the security landscape, like the way multiple providers combined threat intelligence in the wake of the Dyn DDoS attack. We’ll also be on the lookout for physical tools (like firewalls) beginning to integrate seamlessly with cloud security providers. As the Internet of Things becomes ubiquitous and data residency becomes even more important, it will be an exciting year in our space.”
Preparing for the months to come
There’s clearly a lot to prepare for and be excited about as we move deeper into 2017. To see how OneLogin and our partners can help your organization prepare for these developments, request a free demo here.