Next-Generation Datacenters Bring

Next-Generation Security Challenges

Ivan Juras
IDC Adriatics

 IDC Visit us at IDC.com and follow us on Twitter: @IDC

IT Challenges
Q: What are the biggest IT challenges you face in 2013? Please choose up to
three.
Base: All organizations
Increasing cost efficiency of IT

51%

IT project control and management

46%

Modernization of legacy applications

30%

Maintaining security

28%

Assuring budget for IT developments

26%

Driving innovative use of technology

25%

Staffing issues (recruitment, retention)

23%

Change management

20%

Explosion of data volume/storage

12%

Quality of service from our external providers

12%

Measuring return of investment

8%

Obtaining the proper vendor support levels

Consumerization of traditional IT

7%
3%

CIO Summit Vienna Delegates Survey

Source: IDC CIO Summit Vienna Delegates Survey-2013

IDC Visit us at IDC.com and follow us on Twitter: @IDC

One user can be very dangerous

Virus
SPAM/SPIM/SPIT

Click here
Trojans/worms
Botnets (users)
Leakage

DDoS
Hackers/crackers
Social engineering
Adv. persistent threat
Physical damage

Messes up a users smartphone, tablet, PC

Clogs emails, overloads servers, drags down network
performance
Phishing, spoofing, pharming compromise company and
person accounts; ransomwear
The backdoor to spying, data leakage, and unit and even
system control thru keyloggers
PC and/or server hijacked (often through trojans) and used
for spamming, DDoS, and other purposes
Sneaker net, app downloads, shadow IT use with system,
sabotage/theft
And externally
Shutdown of service through multifaceted attack
Motivations vary: hacktivism, money, spying, ransom
I am from the IT dept to help you just need you details
Focused and precise and 100-300% (depending on study)
From device loss/theft to natural disasters

Thats where the money is W. Sutton

Data is the currency; enterprises are the bank. The numbers vary depending
on the study but everyone agrees, protecting information is a challenge
40m

Customer records compromised in Target hacker attack

10k

150k

avg enterprise security events per day

avg enterprise security events per day on active network

86k

Source: PwC, Darkreading, CBRonline, 2014

new pieces malware reported each day

Unit Shipments (Millions)

Blame mobility
1200
39%

1000
800

47%

600
400
52%

-4%

200

88%

-4%

-11%

-8%

0
2011
Smartphones

2012
Tablets

Portable PCs

2013
Desktop PCs

Source: IDC Worldwide Quarterly Smart Connected Device Tracker

IDC Visit us at IDC.com and follow us on Twitter: @IDC

 and what it enables

Interacting and the network of things

2020 - Nearly 30 Billion Devices Installed

~2.5b industrial/auto
~3.7b embedded devices
~5.0b accessories
~2.0b toys/appliances
~4.3b mobile devices
~4.0b networking devices
~4.5b computers
~24b devices!!

 along with the 3rd Platform

The story is getting old among the IT and vendor community
through 2017 the CAGR of 3rd Platform is 10.6%

WW CAGR:

20-30%

Growing 6x faster than IT market

But also predictive security

EU ESN CAGR: 39.9%

WW smartphones: 1 in 6

2014 IDC Visit us at IDC.com and follow us on Twitter: @IDC

The 3rd Platform Requires a Different Type

of Infrastructure
Disaggregated:

Re-aggregated:

Hyperscale
datacenter
Resource level
Greenfield
Homogenous
Density optimized
Capex optimized
Singular app
portfolio

Enterprise
datacenter
System level
Legacy
heterogeneous
Bladed/Converged
OPEX Optimized
Complex App
Portfolio
IDC 2013

Integrated Systems Maturity Curve

Consolidate

Virtualize

Optimize Achieve Full

Consistency
And
Automate

~10%

System
Management

System
Management

I/O
convergence

I/O
convergence

Virtualizati
on Layer

Virtualizati
on Layer

Virtualizati
on Layer

Shared
Storage

Shared
Storage

Shared
Storage

Shared
Storage

Rack and
blades

Rack and
blades

Rack and
blades

Rack and
blades

~25%
EU
organizations

Bring Resources
to Datacenter

Reduce
physical
servers

Storage, server,
network aware
of each other

Build or Rent
Application Specific
Systems

Certified
configurations

~15%

~50%

Build and Integrate

Cloud Capacity

Speed up
deployment

Whats the main security threat?

Next Generation Approach

10

Problems in the Datacenter

All Datacenters
Downtime due to human error
Downtime due to system failure
Run out of IP addresses
Downtime due to natural disasters
Security breaches
Regulatory or compliance issues
Insufficient bandwidth into or out of the datacenter

Latency issues
00

05

10

15

20

25

30

35

40

45

50

% of respondents; N = 401
Source: IDC, 2014

Who handles the security?

IDC Visit us at IDC.com and follow us on Twitter: @IDC

11

Who handles DC and cloud security?

(One possible grid with some unanswered questions)
In-house IT

Private Cloud
(on premise)

Public cloud
(IaaS)

Public cloud
(PaaS)

Public cloud
(SaaS)

Physical security

user

user

provider

provider

provider

Security services

user

user

user

user or
provider

provider

Data protection

user

user

user

user

provider

Application
protection

user

user

user

user or
provider

provider

Supply chain
protection

user

user

provider

provider

provider

Staff training/
surveillance

user

user

???

???

???

ENISA Threat Landscape, Dec 2013

CEE Security Software Market by

Foundation Type in 2013
18%
Endpoint Security

11%
57%

14%

Security &
Vulnerability Mgmt
Identity & Access
Mgmt.
Other modules

Total: < $800 M

IDC Visit us at IDC.com and follow us on Twitter: @IDC

CEE Security Software Market by Vertical

Type in 2013
18%

12%

50%

11%
9%

IDC Visit us at IDC.com and follow us on Twitter: @IDC

Home
Banking
Central Government
Telecommunications
Other verticals

 And Threats Are Evolving

Source: Incapsula 2013-2014 DDoS Threat Landscape Report, www.incapsula.com

IDC Visit us at IDC.com and follow us on Twitter: @IDC

16

INTERNAL
THREATS
DRIVE THE
NEED FOR
DLP

IDC Visit us at IDC.com and follow us on Twitter: @IDC

Deploy messaging
security to monitor and
prevent sending of
sensitive files/data
Use IAM to link user
credentials, identities,
roles with data
access/usage rights
Protect endpoints with
file and disk encryption
Prevent the accidental educate end-users on
policies and best
practices

17

YOU MAY BE
BUT DONT BE THE
NEXT NEWS STORY !

IDC Visit us at IDC.com and follow us on Twitter: @IDC

18

Security SaaS Growing Worldwide

US$M

Global Security SaaS Revenue by Segment

1000

2012 Total: $2.9 billion

2013 Forecast: 15.2%

growth

Mobility and the

consumerization of
enterprise IT key factors

900
800
Identity and Access
Management

700

Messaging Security

600
Endpoint Security

500
Security and Vulnerability
Management

400

Web Security

300
Network Security

200
100

0
2010

2011

2012

2013*

* Forecast

IDC Visit us at IDC.com and follow us on Twitter: @IDC

19

Conclusion change is accelerating

New world taking shape on the 3rd platform: data centers need to
adapt, security needs to adapt.
Create roadmaps for datacenters and for security: while they will
involve technology, they are also very much about management.
Adopt a solution mindset: complexity is expanding, the IT depart.
cannot handle it all. For DCs, this means hybrid cloud environments;
for security this means a mix of SW, service, and appliances.
Drip-feed training: continuous discussion needed especially for
security to make it a frame of mind (4/10 large firms have no training)
Convince senior management: the CFO and CEO need to make
security a priority and let it be known to all it is a priority.
Prepare psychologically for the hard work ahead: BYOD
management often creates waves; constant security checks too; data
center migration and restructuring will cause headaches, etc.

Thank you!

Ivan Juras
Research Analyst
Marketing & PR Specialist
IDC Adriatics (Croatia)
ijuras@idc.com
+385 1 30 40 054

IDC Visit us at IDC.com and follow us on Twitter: @IDC

21

DDoS and Botnet Attacks Increasing

2013: Rapid increase in peak attack volumes and bot sophistication
Q1 2014: Upward trend continues with several ~100Gbps threats

Source: Incapsula 2013-2014 DDoS Threat Landscape Report, www.incapsula.com

IDC Visit us at IDC.com and follow us on Twitter: @IDC

22

Security Appliances The Growth of UTM

Security Appliance Product Market Share in CEE
by value, % of total

38

Firewall

35

Unified Threat Management (UTM)

37

Plug-and-play deployment allows

for easy use and low admin

Generally more efficient than endpoint deployments (though it can

impact latency and bandwidth if
appliance does not keep up with
traffic)

22

15
14
12

Adoption of multi-function
appliances and gradual
displacement of single-function
appliances

13 Content Management (Email, Web)

12 Intrusion Detection and Prevention (IDP)

Reduced technical training

requirements

Simplifies to single point of admin

(but also means there is a single
point for potential failure)

02 Virtual Private Network (VPN)

2010

2013

Source: IDC, 2014

IDC Visit us at IDC.com and follow us on Twitter: @IDC

23

Enterprise Architecture MaturityScape

Security MaturityScape

Source: IDC, 2014

Mobile device security threats and management

Q. What are the top threats to mobile devices (whether personal or company-owned)?
Insecure or loosely secured privacy
settings on legitimate apps
Mobile malware

Malicious apps

Loss or theft of mobile devices

Mixing of work and personal apps

data on mobile devices

0
Total (n = 200)

%
10 20 30 40 50 60 70 80

IT controlled (n = 75)

BYOD (n = 125)

Source: IDCs US Mobile Security Survey 2013

IDC Visit us at IDC.com and follow us on Twitter: @IDC

26