Cybersecurity is constantly changing! | Texas Integrated Services

Cybersecurity is constantly changing!

Cybersecurity is a field that's constantly changing, and we're going to see a lot more of that change over the next five to 10 years. I think our field is shifting. It's shifting from a field that's full of technical doers, to one that's full of integrators and consultants and advisors. And there's three main trends that are really pushing us in that direction. The first one is cloud. By moving a lot of our services to the cloud, whether it's infrastructure as a service, platform or software as a service, we're putting a lot of the deep technical responsibility on those cloud providers.

And certainly, those cloud providers then need security professionals who are capable at working at really low levels in the stack, but it means that our organizations don't. So there's going to be fewer of those types of positions available. In internal IT organizations, we're gonna find ourselves shifting more from positions where we're building our own sans, to ones where we're trying to figure out how to use the security controls offered by our storage providers. So that's one big shift. The second game changer for cyber security is mobile.

We've seen a lot of evolution in the mobile space in the past few years. And a lot of that's been driven by the consummerization of IT. We have employees now who are carrying around in their pockets technology that's far beyond what we ever had in the office a few years ago. And what this is doing is it's setting expectations for IT, and it's doing that in a good way. It's raising the bar and making IT organizations step up and deliver a really solid experience to end users. But at the same time, we're seeing mobile cause some security things that we need to think about a little differently.

People are bringing devices that they own into the office, and we have this whole trend towards bring your own device policies, where organizations are encouraging this. And that's a big shift, and what it's doing is it's moving our focus on security away from a network perimeter and towards the security of data. We can't really secure a network location anymore because those network locations are moving all over the place. What we really need to do is focus on the data and make sure that wherever our data goes, it's secure, whether it's on a corporate owned laptop or a server, or whether it's being accessed by an employee on the road using a mobile device that belongs to him or her.

Really, the situation changes quite a bit, and that's really a big shift for cybersecurity professionals. Then the third game changing development we're seeing in cybersecurity, and this is really just starting to emerge, is the Internet of things. You can't really walk around a store anymore without seeing smart this or smart that. And it started with smartphones, and then moved to smart televisions and other things, and now I even have a smart sprinkler system in my house. You know, if I look around my house now, I have over 100 networked devices in my home, and you probably do too, if you start to think about all the different things that can access a network.

That's only going to continue to evolve as processors get cheaper, networking technology gets cheaper and easier to use, and backend cloud services are developed that can handle and process all of this data and really enable us to do fun and exciting new things. What that causes for us in the cybersecurity profession is some new things that we need to think about. First, some of those consumer smart devices that are beginning to form the Internet of things are making their way to the office. Maybe somebody brings in a network-enabled photo frame for their desk.

Or we start seeing tablets and other devices that people are bringing in. All of these things kind of leak into the office and start joining our networks. And then even businesses are actually starting to deploy Internet of things scenarios to help achieve their business objectives. You know, if it's a manufacturing organization, they probably already are using all sorts of sensors on the factory floor. But even in my office at the university, we just had a smart thermostat installed the other day to help manage temperature. So, all of these things are joining our networks, and we need to make sure that they're secured to the same standards that we use for computers and other devices, because anything on the network can pose a risk to anything else.

So we really just need to think about network segmentation, separating things that might be risky from other devices, and making sure that the devices that are connected to the network are configured and maintained in a secure manner.