Hybrid environments and IoT pose biggest threats to infosec – F5

F5 Forum 2Service providers and enterprises face an insecure networking environment in coming years as more applications, data and services are sent to the cloud, according to networking vendor F5, writes Telecoms.com.

Speaking at the F5 Forum in London, VP of UK and Ireland Keith Bird stressed security is now front and centre not only to the CTO and CEO, but to consumers as intrusion or security breaches regularly make headlines. Bird pointed to the hybrid on-premise/cloud-based environment, in which an increasing number of enterprise and service providers operate, as a huge challenge looming for the information security industry.

“Not so long ago, we looked at just single points of entry. In today’s hybrid world, we’ve got apps in the data centre or in the cloud as SaaS and this is only increasing,” he said. “What we know for sure is that there is no longer a perimeter to the network – that’s totally disappeared.”

“81% of people we recently surveyed said they plan on operating in a hybrid environment, while 20% said they’re now moving over half of their corporate applications to the cloud. Even some of the largest companies in the world are taking up to 90% of their applications to the cloud.”

Given the volume and nature of data being hosted in the cloud, firms are far more accountable and held to tighter information security standards today than they have ever been. The average financial impact of an information security breach is now in the region of $7.2 million, according to F5 research.

“The average cost of a security breach consists of $110,000 lost revenue per hour of downtime – but the effect on a company’s website or application is costing potential business,” said Bird. “The average customer will abandon an attempted session after roughly four seconds of inactivity, so there’s new business being lost as well.”

F5 said of the threats it is seeing at the moment, according to customer surveys, the evolving nature and sophistication of attacks ranks highest, with the internal threat of employee ignorance a close second.

“So what are the top security challenges our customers are seeing?” said Bird. “58% are seeing increasingly sophisticated attacks on their networks, from zero-day to zero-second. 52% were concerned that their own employees don’t realise the impact of not following security policies. Obviously plenty of people said they don’t have enough budget, but that’s not quite the biggest problem facing security departments today.”

F5’s Technical Director Gary Newe, who’s responsible for field systems engineering, said the looming prospect of IoT “scares the bejesus” out of him.

“We’ve all heard about the IoT,” he said before pointing to the connected fridge as a farcically insecure IoT device. “There are 3 billion devices which run Java, which makes it 3 million hackable devices, and that scares the bejesus out of me. This isn’t just a potential impact to the enterprise, but it could have a massive impact on consumers and families. Fitness trackers, for example, just encourage people to give a tonne of data over to companies we don’t know about, and we don’t know how good their security is.”

The scariest bit, Newe emphasised, is the growing knowledge and intelligence of more technically adept youngsters today, and how the rate of technological change will only exacerbate the requirement for a fresh approach to network security.

“Change is coming at a pace, the likes of which we’ve never seen nor ever anticipated,” he said. “We’re building big walls around our networks, but hackers are just walking through the legitimate front doors we’re putting in instead.

“The scariest thing is that the OECD [Organisation for Economic Cooperation and Development] has said the average IQ today is 10 points higher than it was 20 years ago. So teenagers today are smarter than we ever were, they’ve got more compute power than we ever had, and they’re bored. That, to me, is terrifying.”