{"id":7578,"date":"2014-12-05T06:00:11","date_gmt":"2014-12-05T14:00:11","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=7578"},"modified":"2015-10-07T15:21:53","modified_gmt":"2015-10-07T22:21:53","slug":"2015-predictions-datacenter","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2014\/12\/2015-predictions-datacenter\/","title":{"rendered":"2015 Predictions: Datacenter"},"content":{"rendered":"

As 2014 comes to a close, our subject matter experts check in on what they see as major topics and trends for the new year. (You can read all of our 2015 predictions content\u00a0<\/em>here<\/em><\/a>.)<\/em><\/p>\n

\"2015<\/span><\/div><\/p>\n

 <\/p>\n

1. Cloud security will become less cloudy<\/strong><\/p>\n

It\u2019s amazing how fast things change. It was not that long ago that cloud computing skeptics said that no one will use the cloud for business applications because of the security issues. Now we hear from customers that they are moving entire datacenters \u2013 not just select applications \u2013 to the cloud. Why? Ubiquity is one reason. Reduced costs are another. Finally, they are realizing that security -- specifically next-generation security -- can be used to protect their applications and data from advanced cyber attacks. But traditional, port-based security technologies cannot exert the same levels of control.<\/p>\n

With the recent release of our VM-Series<\/a> for both Amazon Web Services and KVM joining Citrix SDX and VMware ESXi and NSX support, 2015 will be the year that customers can protect their public, private or hybrid cloud-based applications using the next-generation firewall and advanced threat prevention features found in our enterprise security platform<\/a>. Further clarifying cloud security will be the elimination of the time-lag between virtual machine provisioning and security deployment through the use of native automation features such as VM-monitoring, dynamic address groups and the XML API.<\/p>\n

2. The benefits of network segmentation based on Zero Trust will be realized<\/strong><\/p>\n

During a recent customer visit, a tenured networking professional challenged our discussion around network segmentation based on Zero Trust principles, stating he had been segmenting the network for security for years. \u201cSo what\u2019s new here?\u201d he asked. Conceptually there is nothing new here; rudimentary network segmentation can be done by routers, switches and even firewalls. The key difference is in the level of granularity by which we can segment the network.<\/p>\n

The rash of recent high profile breaches -- where attackers hide in plain sight on the network -- points to the need for segmentation principles that are more advanced than mere port, protocol or subnet. As the conversation with this networking professional continued, I pointed out that with the application identity, a view into the content and knowledge of who the user is, we can segment business critical data and applications in a far more granular fashion than rudimentary segmentation would allow.<\/p>\n

Specifically, we can verify the identity of specific business applications, forcing its use over standard ports and validating the user identity. We can find and block rogue or misconfigured applications -- all the while inspecting the application flow for file types, and blocking both known and unknown threats. In 2015, I expect to see many organizations continue to re-think how they are segmenting their network and applying Zero Trust principles of Never Trust \u2013 Always Verify using the application, the respective content and the user as the basis for policy enforcement. The benefits our customers will begin to realize include improved security posture with less administrative effort.<\/p>\n

3. 2015: The year of focus<\/strong><\/p>\n

According to IDTheftCenter.Org, 2014 had, as of Dec 2, 708 data breaches resulting in the loss of more than 81 million records<\/a>. That represents data from roughly 25 percent of the U.S. population and the year isn't even over. So in the spirit of Christmas, my last forward looking 2015 entry isn\u2019t a prediction but a wish. While I don\u2019t believe we will ever know the details behind the 700+ breaches, it\u2019s safe to say that there were multiple steps along the way where someone could have said, \u201cWe could have been more focused here.\" My 2015 wish is that users, netsec professionals and executives all become more focused on their respective network security responsibilities.<\/p>\n