Cloud Transformation Predictions 2019
by Yogi Chandiramani, Alex Teteris & Nathan Howe (Zscaler)
With applications moving to the cloud and employee mobility on the rise, organisations must navigate a myriad of network infrastructure and security challenges on their way to making the internet the new secure corporate network. Here’s what some of our European leaders predict for the coming year as enterprises face these challenges.
Prediction #1: IT will take its place as a business enabler
As organisations look at digital transformation in 2019, they do so in an era of significant disruption in which business models need to evolve quickly to keep pace with the digital evolution. Though IT was once in the driver’s seat when it came to strategic decisions about what applications the business should be using, mindsets will be reset from technology controller to business enabler. This shift means we will see CIOs with a more distinct focus on overall business performance and developing a more user-centric IT infrastructure focusing on user experience.
Prediction #2: Traffic will further shift from internal to internet bound
When it comes to network traffic, we expect to see a continued shift from local to internet-bound traffic. While seven years ago it was roughly split between 10% internet and 90% internal traffic, it’s now 65/35 and should move to 90/10 within the next two to three years. Approximately 10% of legacy and mainframe applications are typically too costly to migrate, which may cause a cascade effect on the internal data centre infrastructure.
Prediction #3: 5G becomes a game-changer
The way we connect to enterprise networks is changing as the internet becomes the network where most business takes place. With development well underway, 5G networks will accelerate these changes further, as more IoT and mobile devices come into use. In fact, 5G networks are likely to help power a huge increase in IoT technology, providing the infrastructure required to transmit vast amounts of data. The resulting smarter and more connected world will introduce challenges and opportunities for security and IT teams, and visibility across the entire enterprise network and connected device traffic will be critical in defending corporate assets from attack.
Prediction #4: Application access will be decoupled from the network
Enterprises benefit by providing employees with seamless and secure access to applications, no matter where they are kept. But providing such flexibility means that traditional enterprise connectivity will increasingly give way to a software-defined perimeter and a more user-centric approach. Users expect to log onto their applications simply, without having to consider how they are connecting—that goes for Facebook as well as enterprise networks and applications. Seamless, consistent, and invisible access is key to users. Security must therefore be “baked-in”, ensuring that application access doesn't require network access.
Prediction #5: The use of “static” remote access solutions will decline
Users now expect to be able to access applications from unmanaged devices and external networks, so the old way of granting direct, VPN-based access to the internal network is no longer viable. We can therefore expect increased demand for private access services that never connect the user to the network and data centre; instead, they act as an intermediary which then connects the applications to the user, regardless of user or app location. This one-to-many access is not based on a network, and is not static or permanent; it is dynamic and only available when a user requires it.
Prediction #6: The “coconut” security model will give way to the “avocado”
While the “coconut” security model focused on protecting the inside of the enterprise by creating a solid external layer, we predict—as flexible working practices continue to increase in 2019—that this concept will reverse in favour of the “avocado” model. This approach is hard on the inside, where critical data is protected, whilst the outside is soft, enabling users to connect easily to applications and collaborate seamlessly with internal and external parties. This model simplifies access for users while protecting the enterprise’s key assets.
Prediction #7: Hardware is on its way out as demand for SD-WAN climbs
The proliferation of cloud services and SaaS applications is leading organisations to rethink their approach to networking and remove outdated hardware. This shift is placing more importance on software-defined wide-area networking (SD-WAN). SD-WAN enables enterprises to smoothly transition from hub-and-spoke networks to direct-to-internet architectures. It simplifies how traffic is routed in the branch and enables improved connectivity to the internet, cloud applications, and the data centre.
Prediction #8: Transport Layer Security (TLS) is set to become the standard internet protocol
The overwhelming majority of internet transactions are now using an encrypted channel. Whereas a year ago, we would have estimated that around 60% of internet traffic would be encrypted, today it tops 90% in many countries, according to Google. The only way to ensure end-to-end confidentiality is through encryption; therefore, TLS is set to become the standard protocol of the internet in 2019 and beyond.
Prediction #9: DNS remains integral - and becomes a C&C target for hackers
Organisations that rely on centralised Domain Name System (DNS) servers to provide access to internal domains will increasingly adapt their centralised DNS services with local breakouts in the cloud because resolving DNS queries at the point closest to the internet breakout is key to performance. For this reason, we believe there will be an increased demand for proxy solutions that optimise DNS resolution, overriding the destination IP if the answers differ. Meanwhile, threat actors will attempt to leverage DNS to send command-and-control (C&C) communications. DNS is one of the last controlled protocols within the enterprise, and in the wake of WannaCry and NotPetya, we can expect to see more and more techniques emerge that leverage servers that require internet access - such as DNS.
Alex Teteris is principal technology evangelist at Zscaler
Nathan Howe is principal solution architect at Zscaler
Yogi Chandiramani is Zscaler technical director EMEA