Enterprise security is always evolving, not by choice but because organizations are constantly facing new security threats. As 2018 fast approaches, let\u2019s take a quick look back at how enterprise security evolved in 2017 and what we expect to see shake things up in 2018.A year of transformation2017 was a transformative year for enterprise security. We saw many organizations continue to adopt big data environments to store the enormous amount of data that they have collected; and in doing so, have been confronted with a new set of security challenges. One of these challenges is to strike the right balance between monetizing strategic data assets, while protecting personal privacy interests.We also saw organizations take a microservices approach to breaking down large monolithic applications. With a microservices architecture, the functions of an application are built as discrete components that communicate with each other via APIs. This approach allows organizations to have a faster, almost continuous development and deployment cycle. But building many microservices components could mean that you also need to enhance your strategy for securing access to the individual components.However, the biggest trend we saw in 2017 was digital transformation - which I\u2019m defining as, technology deployments that address the initiatives that are critical to digital business \u2013 often this means modernization or implementing a whole new way of interacting with customers, partners and employees to improve their experience. It also applies to technology shifts, as we saw the move to the cloud really take off \u2013 as infrastructure moves, security is big consideration to secure all aspects of the cloud \u2013 from the applications that are running in the cloud, to the data being stored there, and the security of access to make changes within the cloud infrastructure.These trends will continue to play a role in enterprise security in 2018, and we see several new areas emerging.DevSecOpsIT has historically operated separately from business units in the enterprise. Breaking down organizational silos has been a challenge for IT leaders that are seeking better ways to support business initiatives. DevSecOps (development, security and operations) has emerged as a new way for cross-functional teams to work together. The devops approach is about bringing new application services to production faster than legacy approaches. Security plays a role in ensuring that continuous delivery practices also embrace good security practices. Secure access control mechanisms like attribute-based access control (ABAC) can also be automated within DevSecOps processes to secure access to APIs, microservices, big data, etc.Securely sharing big dataAs the data deluge continues and more organizations continue to adopt big data systems, it is crucial to protect personally identifiable information (PII), other regulated data, and intellectual property while also being able to securely share information. Organizations are shifting to a policy-based approach for access control, to securely share information between departments, partners and with customers and ensure that only those who are authorized to see sensitive information can.Advanced monitoring and reportingIncreasingly, organizations are looking to implement advanced monitoring and reporting to help identify internal security threats and find culprits within an enterprise. By using data analytics, machine learning and artificial intelligence (AI), organizations can identify anomalies that would otherwise go unnoticed by humans. When attribute-based access control is deployed enterprise-wide, a wealth of activity log data on authorization requests can also be used to enhance reporting and monitoring systems.The journey toward securing the cloudThe move to the cloud has been underway for quite some time with many organizations now adopting a \u201ccloud-first\u201d approach. Enterprises are moving their entire infrastructure to the cloud, which means a need for cloud-native security products and capabilities. A vital security layer is access control to cloud hosted data and other business resources, preferably using an ABAC model. ABAC systems run in the cloud, are used to securing cloud assets, and can be operated as a service - giving maximum flexibility to cloud-first enterprises.Regulatory complianceRegulatory compliance was a challenge within the security industry in 2017 and with GDPR around the corner, compliance will be even more of a challenge in 2018. ABAC can help meet and manage the new regulations by providing centralization of access control, efficient change management and enforcement of privacy preferences across the enterprise.Customer identity and access management (CIAM)Many organizations are focusing on a great customer experience to set themselves apart from their competition, but a data breach can immediately destroy the customer experience and a company\u2019s reputation. CIAM is about striking a balance between customer experience and security, and does not require organizations to sacrifice one for the other. CIAM allows organizations to securely capture and manage the customer identity data while profiling data and controlling customer access to applications and services. This delivers an impeccable customer experience while minimizing the chance of a security breach.Role based to attribute based (RBAC to ABAC)Role-based access control (RBAC) has served as the standard to manage access control for decades. However, as business applications have become more complex and collaboration across a wide range of users is now required, RBAC has given way to attribute-based access control (ABAC) as the preferred industry standard. ABAC provides the most flexible, dynamic and comprehensive authorization model, which meets the demands of modern enterprises.Modern technologies are going to continue to bring threats to organizations across every vertical. As more data continues be generated, it becomes increasingly difficult to securely share. As more organizations shift their infrastructure to the cloud, more organizations need cloud native security products. In the digital age an ABAC model should be every organizations\u2019 first line of defense. ABAC can help prevent insider threats, scale to meet regulation standards and help organizations securely share information.