Security — 12 Trends x 12 Months

For the past year now, we’ve been closely tracking the rapidly evolving changes in the enterprise security landscape. From our research into the space, we’ve established 12 trends that we think will be particularly impactful over the next 12 months. Broadly speaking, we expect attacks to continue with impressive scope and impact, and we believe companies will continue to live the adage “detect & respond,” knowing that 100% prevention will never be an achievable goal. With that in mind, here are our 12 trends to watch:

  1. Risk Monitoring & Automation — expands beyond the still-burgeoning Continuous Controls Monitoring of technology systems to incorporate risk levels and merge “Tech Governance, Risk & Compliance (GRC)” with “Enterprise GRC” (e.g., MetricStream).
  2. Identity & Access Analytics — examining characteristics of an identity (user or robot*) to either authenticate that identity (password-less authentication) or to identify suspicious behavior (e.g., by comparing to baselines of usual behavior). Increasingly, new approaches include monitoring digital activity as a biometric or utilizing social media presences as a reference (e.g., Socure**).
  3. Supply Chain Security — the biggest risks for many enterprises will be in their supply chains. Supply Chain Security encompasses IT Vendor Risk Management, Third-Party Access, and Supply Base Management in order to manage the security of vendor integration points (e.g., Evantix).
  4. Security Testing — more frequent release cycles, diversification of programming languages, and faster time-to-exploitation of vulnerabilities combine to make security testing ever more critical. Crowdsourcing of security testing becomes acceptable (e.g., Synack), and in addition, deploying patches in a quick and safe manner becomes more important and easier.
  5. Decentralization of Network Protection — classic internal/external network firewalls are passé. In are protection at the Virtual Machine (VM) level (e.g., vArmour***), inclusion of smart Intrusion Prevention System (IPS) functionality in firewalls, and the addition of the signature-less analytics & response at the end user node. The word “fabric” remains en vogue.
  6. Desktop and Mobile Containerization — using sandboxing features to isolate attacks, preventing or slowing damage to other resources. The focus is also on quicker restoration of normal functionality to the end user (non-attacker), satisfying availability. On the mobile form, we see startups expanding containers/wrappers with more complete mobile protection (e.g., BETTER**)
  7. Secure Cloud Services/Brokers — enabling safe use of the cloud while preventing unauthorized access to the cloud by internal users/applications. Startups may focus on different aspects such as the application context for Netskope, or pursue a lower-level approach such as Trapezoid***, which incorporates BIOS-layer validation.
  8. Specialized Application Servers and Operating Systems — specialized systems have been particularly effective for performance and maintenance objectives (e.g., CoreOS**). Locked down, security-specific systems will proliferate, allowing for software-defined functionality while making compromise more difficult.
  9. Encryption Everywhere — increasing use of encryption in terms of breadth (more systems/applications) and depth (full disk/database) while meeting cost and performance considerations. Effective key and certificate management (e.g., Vormetric) will continue to be paramount and finally not overlooked (see also: Box announcement).
  10. Data Loss Prevention (DLP) — next generation DLP that includes better asset inventories, visibility across structured and unstructured data, and the integration of threat data. Solutions will require less manual data tagging. Also, in a twist, the need for more effective DLP will lead to more widespread use of SSL decryption/inspection, at odds with #9. Example companies in the DLP space include GTB Technologies and Digital Guardian.
  11. Incident Response — technology-powered process improvements to automate the response of low-impact incidents (e.g., Hexadite), while automating the enrichment of other incidents (including threat feeds, machine learning for suggested remediation, and identification of impacted parties).
  12. Big Data Security — securing Big Data environments (see: Big Data [In]Security), as well as using Big Data techniques for security purposes (see: Big Data Analytics for Security and Big Data Security Analytics Landscape)

While we have validated these trends with enterprise technology professionals and security startups alike, we realize our weightings to achieve a “top 12” will differ from others. In the followups to this post, we will be delving into 2 topics in more detail: Supply Chain Security and Risk Monitoring & Automation. Our agenda is to investigate the sub-categories within these topics, discover intriguing startups (or gaps), and publish a more nuanced view of what’s relevant going forward. Given the enterprise expertise within our community, we value your input. Do you have experiences and insights with either of these topics? If so, we’d love to hear about it. Let us know via email!

* Robot: a non-human account (e.g., an application account). As a former consulting client liked to say, “robots are people too.”

** Work-Bench member company (no ownership interest)

*** Work-Bench Ventures portfolio company

Originally published at on March 17, 2015.