In addition to many enhancements to security technologies, you should also be aware of three more areas of emerging security technology.
1. Data Leakage Prevention (DLP)
As the value of data continues to climb, DLP technology should see wider implementation. The technology is already heavily used in the financial industry.
New government regulations will help drive the implementation in other sectors, most likely in health care. DLP is most concerned with the protection of data at rest (i.e., when data is stored) or transmitted between systems or networks.
With more employees working remotely, it can be difficult to secure the entire work environment, as the endpoint used to connect to the corporate network could be a personal laptop in a coffee shop.
The employee’s personal laptop may be protected and secured; it could even be a company laptop. However, the medium used to connect—free Wi-Fi—is not secure. By using DLP, the data in the cloud is scanned for alteration and access. The systems accessing the data are assessed for compliance with corporate policy and may be blocked from access.
2. Biometrics
Biometrics identify a user based on anatomical characteristics such as a fingerprint, voice print, or iris patterns. These methods of identification have a number of advantages over passwords, tokens, or ID cards.
First, biometric authentication requires the person being authenticated to be physically present. Second, biometric security removes the need to remember complicated passwords. No more passwords taped under keyboards; you carry your password with you wherever you go. Finally, biometrics remove the need to carry a token or ID card with you. You do not have to worry about not being able to work when you leave your token on the kitchen table at home.
The areas where biometrics are currently being investigated include ATMs and computer networks. Biometric readers integrated into ATMs are becoming more popular because they tie a level of nonrepudiation—removing the ability to deny that you made the transaction—to the withdrawal of funds.
3. Virtualization Security
As virtualization and cloud computing continue to gain ground, a new generation of virtualization-aware security tools is under development. Antivirus, vulnerability management, data leakage prevention, and IDS/IPS technologies are all being developed to run against the underlying hypervisor layer.
The hypervisor layer is the hardware or software on which virtual machines run. This gives the security applications direct access to the underlying data transport layer of the virtual environment, rather than forcing them to run against each virtual server, dramatically improving performance, visibility into security issues, and ease of use.
In multi-tenant environments (multiple companies sharing the same virtual environment), additional security tools are being developed to ensure that no access occurs between the virtual environments.
IP Version 6
IPv6 is the next-generation IP version and the successor to IPv4. Although the main driving force for the redesign of Internet Protocol was the rapidly approaching exhaustion of IPv4 addresses, IPv6 has significant implications for future information security professionals.
IPv6 includes a native information security framework (IPSec) that provides protection for both data and control packets. So, what you currently do with a traditional VPN you will be able to do natively with any IPv6 device. At a high level, this means you can run your IPSec VPN without requiring a client, but the implications are significantly more profound.
In a fully IPv6 environment, any connection can use an IPSec connection. Thus, any connection from a user to an application, a host to a host, or even a peer to a peer authenticates and encrypts as it passes across the network.
The thought of a network featuring nothing but secure connections seems like a security professional’s dream configuration, but you should also consider some drawbacks before undertaking your IPv6 migration project. One of the challenges with encryption is that it not only secures data from attackers, but it also secures the data from authorized users.
A number of security technologies like IDS/IPS, content filtering, network-based antivirus, data leakage prevention, and even firewall technologies rely on the ability to look at packets to determine how each should be handled. Once those packets are encapsulated in a secure IPSec connection, all of the security tools you have relied upon stop working.
With the limited deployment of IPv6, significant development on solutions to overcome these challenges has not occurred yet, but it will be a subject of great interest as the use of IPv6 expands.
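The loss of visibility described above can be measured at a sensor by walking each IPv6 header chain and noting where it ends. The following is an added example, not part of the original article; it goes slightly beyond the text by distinguishing ESP (encrypted payload) from AH (authenticated but readable), and all packets and addresses are constructed.

```python
import struct

# Extension headers with a Next Header byte and a length in 8-octet units (RFC 8200)
EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT, ESP, AH = 44, 50, 51
UPPER = {6: "tcp", 17: "udp", 58: "icmpv6"}

def inspectability(packet: bytes):
    """Walk the IPv6 header chain; return (verdict, chain) for a network sensor."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while True:
        if nxt == ESP:                      # payload encrypted: only SPI/sequence visible
            return "opaque:esp", chain + ["esp"]
        if nxt in UPPER:                    # transport header and payload are readable
            return "cleartext:" + UPPER[nxt], chain + [UPPER[nxt]]
        if nxt not in EXT and nxt not in (FRAGMENT, AH):
            return f"unknown:{nxt}", chain
        if off + 8 > len(packet):
            raise ValueError("truncated header chain")
        if nxt == AH:                       # AH authenticates but does not encrypt
            name, size = "ah", (packet[off + 1] + 2) * 4
        elif nxt == FRAGMENT:
            name, size = "fragment", 8
        else:
            name, size = EXT[nxt], (packet[off + 1] + 1) * 8
        chain.append(name)
        nxt, off = packet[off], off + size

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet using 2001:db8::/32 documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

# Constructed sample packets (payload bytes are placeholders, not real traffic)
TCP_SEG = bytes(20)
ESP_BODY = struct.pack("!II", 0x1001, 1) + bytes(32)   # SPI, sequence, ciphertext
SAMPLES = {
    "plain tcp": ipv6(6, TCP_SEG),
    "esp": ipv6(ESP, ESP_BODY),
    "ah + tcp": ipv6(AH, bytes([6, 4, 0, 0]) + bytes(20) + TCP_SEG),
    "hop-by-hop + esp": ipv6(0, bytes([ESP, 0, 1, 4, 0, 0, 0, 0]) + ESP_BODY),
}

def opaque_share(packets) -> float:
    """Fraction of packets whose payload a passive sensor cannot inspect."""
    verdicts = [inspectability(p)[0] for p in packets]
    return sum(v.startswith("opaque") for v in verdicts) / len(verdicts)
```

Tracking the opaque share per network segment over time shows how much traffic the tools listed above can still examine as IPSec use grows.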
VPNs, Firewalls, and Virtualization
Some Secure Sockets Layer (SSL) VPNs have the ability to provide a unique virtual VPN configuration for each individual user group. Much like other types of virtualization, a virtualized SSL VPN allows you to separate the physical and logical use of the VPN. In the future, this capability could extend to IPSec VPNs, as well. This technology offers some unique abilities when configuring secure VPN contexts for different user groups, but you need to understand the additional complexity.
A misconfigured virtual VPN context could expose parts of your network to groups that should not have access. For example, if you are using a virtualized VPN to provide customers access to a help desk ticketing system, and you inadvertently grant that context access to your intranet where all your pricing information resides, you expose the organization’s proprietary data to unnecessary risk.
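One way to catch the misconfiguration described above before it ships is to audit every context's routes against an inventory of which user groups may reach each segment. This is an added example, not part of the original article or any vendor's tooling; the context names, user groups, subnets and data layout are all hypothetical.

```python
from ipaddress import ip_network

# Hypothetical inventory: internal segments and the user groups approved for each.
SEGMENTS = {
    "helpdesk-ticketing": (ip_network("10.20.5.0/24"), {"customers", "employees"}),
    "intranet-pricing":   (ip_network("10.20.8.0/24"), {"employees"}),
    "finance":            (ip_network("10.30.0.0/16"), {"finance"}),
}

# Hypothetical virtual VPN contexts: the user group served and the routes it is given.
CONTEXTS = {
    "customer-portal": {"group": "customers", "routes": ["10.20.5.0/24"]},
    "customer-legacy": {"group": "customers", "routes": ["10.20.0.0/16"]},  # too broad
    "staff":           {"group": "employees", "routes": ["10.20.5.0/24", "10.20.8.0/24"]},
}

UNINVENTORIED = "<uninventoried>"

def audit_contexts(contexts, segments):
    """Return sorted (context, route, segment) findings.

    A finding is raised when a route overlaps a segment the context's group is
    not approved for, or when the route is wider than every inventoried segment
    and therefore reaches address space nobody has classified.
    """
    findings = []
    for ctx_name, ctx in contexts.items():
        for route in ctx["routes"]:
            net = ip_network(route)
            contained = False
            for seg_name, (seg_net, allowed) in segments.items():
                if net.subnet_of(seg_net):
                    contained = True
                # overlaps() also catches a supernet route that swallows the segment
                if net.overlaps(seg_net) and ctx["group"] not in allowed:
                    findings.append((ctx_name, route, seg_name))
            if not contained:
                findings.append((ctx_name, route, UNINVENTORIED))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_contexts(CONTEXTS, SEGMENTS):
        print("FINDING context=%s route=%s reaches=%s" % finding)
```

The overlap test matters because the exposure usually comes from a broad summary route rather than an explicit entry for the intranet subnet.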
Virtual firewalls are a relatively new and growing area of technology. Currently, some firewalls on the market can partition into multiple virtual firewalls. Each virtual firewall appears to be a separate firewall with its own security policy, interfaces, and configuration. This allows you to use your firewall hardware more efficiently than you might otherwise, but once again, additional risks occur with the deployment of virtual firewalls.
First, firewalls exist that support this technology, but not all firewalls support all features in the virtualized environment. Before you deploy a virtualized firewall, be sure that it supports all the features you need to meet your business and security requirements. This is a very promising technology, but it is also very new. Sometimes early adopters can find themselves encountering issues the vendor did not discover during the quality assurance processes.
Next, you are relying on the logical segregation of firewalls rather than on the physical separation offered by multiple physical firewalls. While this technology remains new, do some testing before deploying virtual firewalls into a critical environment. Finding that there is a way to bypass the virtual security and move from one virtual environment to another would not be good if you are using the firewall to separate two customers connected to your network.
Finally, this model suffers from the same complexity challenges as virtual VPNs. Any time you have a solution that offers greater flexibility, you also open the possibility for greater complexity. Complex environments are almost always more difficult to secure, monitor, and manage than simple environments.
In spite of all the challenges associated with virtualizing security technologies like VPN and firewalls, a compelling business case exists for leveraging hardware more effectively in a virtualized environment. Be sure you understand the technology thoroughly before deploying it. Information security is seldom a forgiving field for learning as you go.