The breach of 40 million credit card records disclosed by retail giant Target has reminded us that the battle to secure data will never be over. It is a war without end.
And it's not just the "bad guys" who challenge network security professionals. Edward Snowden's revelations
With the New Year upon us, SearchNetworking asked John Kindervag, principal analyst at Cambridge, Mass.-based Forrester Research, to predict what network security professionals will be facing in 2014.
Universal cloud encryption is essential
The surveillance controversy surrounding the NSA has many enterprises worried about their data, especially data they send to the cloud, Kindervag said. Cloud encryption will be a priority.
"People want to encrypt a lot more stuff than they ever did before, and a lot of that [desire to encrypt] is for data going to the cloud," he said. To that end, the network security industry will need to deliver technology that helps enterprises encrypt that data.
"[Cloud encryption gateways] are essentially a new product category," he said. "They are just a gateway that allows you to encrypt data before it goes to the cloud."
Kindervag said his clients at Forrester are typically conservative. They mostly invest in mature technologies. But in the case of cloud encryption gateways, a market that is mostly dominated by startups, conservative enterprises are buying in early. Kindervag said larger network security vendors will probably try to acquire companies in this market in 2014.
"Microsoft announced they were going to adopt more encryption. Every vendor is adopting more encryption," he said.
Enterprises are also worried that their WAN links are vulnerable to government snooping, Kindervag said. As a result, some enterprises will start encrypting data crossing their MPLS networks. "More people will build their own WANs by using IPsec site-to-site tunneling on the public Internet. Oftentimes, they won't have an SLA [service-level agreement] from these services, but they are much more simple to build than they ever were."
Legacy firewalls and intrusion prevention become dinosaurs
Stateful firewalls and intrusion prevention appliances will become less and less relevant in 2014, Kindervag said. In fact, their markets will "dry up." Next-generation firewalls, which have been booming for a few years, will be the undisputed mainstream network security platform next year, especially since wider adoption will lead to lower prices.
"Standalone [stateful] firewalls and intrusion prevention will be limited to specialized use cases," he said. "There won't be any reason to not use a next-generation firewall for most companies because it won't be any more expensive to have a next-generation firewall. [Improved] performance and manageability of next-generation firewalls will continue driving that."
Network virtualization a boon and an obligation for network security
Virtual network infrastructure security will be a major focus for enterprises in 2014 as IT organizations install such products as VMware NSX and Juniper Contrail in their data centers. Kindervag said network virtualization has the potential to positively affect network security because automated and orchestrated software configuration will replace manual hardware configuration, thus removing human error and bottlenecks from security updates.
"It will be incumbent upon security vendors to establish partnerships with virtual network players, as well as software-defined networking players," he said. "I see a huge demand from my customer base for virtual networking."
Some network security vendors are already aligning themselves with network virtualization platforms. Palo Alto Networks, for example, has integrated its next-generation firewall into VMware NSX. McAfee, Symantec, Trend Micro and Rapid7 have also partnered with VMware NSX.