The Internet of Security Things

No, this isn't a tirade on the security of IoT. It's about story about change. Specifically, change and its implications on security.

Change is constant. There's a million different axioms and proverbs about change, so it's really hard to choose just one to sum up how it impacts security. Inarguably it does. And right now there's a lot of change going on that's impacting security.

"Micro" movement like microservices and microsegmentation are dramatically changing perimeters and breaking apart traditional "edge" security into distributed pockets of security, each architected specifically for the application or architecture it's protecting.

The nearly ubiquitous use of HTTP as the de facto application transport protocol (it's the new TCP, you know) has led to an increasing rise in the elimination of network access and an increase focus on application access, as well as more attention being paid to the security dangers inherent in the application layer.

The rise of connected things both internal and external to the data center are of course a concern; putting pressure on networking and security operations alike to adjust in rapid fashion to an increasingly complex array of connections, applications, devices, people and data.

And of course attacks are on the rise, with the DPS of a DDoS having doubled in just the past few years.

These are all changes. Some good, some bad, some inherently neutral, but all impacting security in one way or another.

Out of these interconnected and interrelated trends comes four key areas of concern: web application security, scale and capabilities of access and identity management, operationalization and DDoS protection mechanisms. 

The Internet of Security Things is a quick look at change across all four of these areas and what we can do to start addressing them.