In the arms race between security specialists and threats, it's hard enough keeping up with advisories, warnings of potential problems and new philosophies of safe IT, let alone mixing in the rapidly changing technological and economical implications of the connected environment.
The continuing economic downturn could lead to more instances of cybercrime, with a corresponding tightening of security budgets. That was the gloomy prognosis of security experts at a recent CSO interchange event, where chief security officers met to swap war stories and ideas. Cloud computing and the outsourcing of business IT processes are hot topics at the moment, as is virtualisation, due to the apparent cost-savings.
Andy Buss, senior analyst at Canalys, believes the current trend towards cloud computing and security software-as-a-service (SaaS) is likely to continue. "Cloud computing is starting to establish itself as viable. There are possibilities in security as a managed service," he says. "In-the-cloud firewalls and services allowing mobile workers to access cloud-based applications [are also likely]."
Buss expects to see more security applications being delivered virtually over SSL encrypted VPNs (virtual private networks) next year. This would not be a move to using thin clients, says Buss, but the use of virtualised applications to cut the costs of data replication.
People need to work out how they will link these virtual applications, provided by different vendors, into a common security network, he says. "We need services where everything you do follows company policy, to get more corporate control. Say you have Salesforce, hosted CRM from SAP, plus hosted email services — how do you protect all of those while providing mobile access?"
Buss also sees the use of managed email services increasing next year. Symantec's acquisition of MessageLabs in 2008, with Cisco buying IronPort and Google scooping up Postini in 2007, means more choice for enterprises thinking of countering email-borne threats through web services.
"There have been new technologies launched in web-threat security, while there are more and more interactions with the web," says Buss. "Companies need to be able to classify where emails are coming from — that could be by using web reputation or IP reputation."
Buss believes using web services to pre-clean files and applications could allow companies to get more performance out of their existing backend systems. He expects networking security also to be increasingly important to businesses in the coming year.
"As we see a move towards higher bandwidth usage, we'll need more distributed security in the network," he explains. "People want to embed security in the router, as close to the metal as they can."
Talkback
Cybercrime and outsourcing were named top security concerns according to a new study conducted by The Ponemon Institute. The survey found that 50% of IT operations professionals viewed outsourcing as an imminent and near-time critical risk, while more than 75% of IT security professionals noted cybercrime a major issue - despite concerted efforts to thwart hackers in recent years. In tandem, survey results highlighted an increase in shared thinking between traditionally disparate IT functions within the organisation - IT operations and IT security.
With the emergence of consumer technology in the workplace, coupled with social networking and Web 2.0 technologies and the increased sophistication of cyber criminals, truly securing an organisation's IT environment is an uphill battle In the next year or two, these challenges will increase in both the breadth and depth of threats - the companies surveyed made this very clear. The key for both IT operations and IT security is to find the common ground necessary to better-wage this security battle together.
Given the breadth and depth of security breaches spanning the globe this year - all of which have had a long-lasting negative impact on organisations and consumers alike - IT security and IT operations professionals have an increasingly critical task at hand, to protect sensitive data wherever it lives in an organisation.
The survey was developed to better understand if certain publicised IT risks to personal and confidential data are truly a concern for organisations in the next two years. Based on interviews with IT experts in operations and information security, the following eight mega trends rose to the top: cloud computing; virtualization; mobility and mobile devices; cybercrime; outsourcing to third parties; data breaches and the risk of identity theft; peer-to-peer (P2P) file sharing and Web 2.0.
Key Findings from the 2008 Security Mega Trends Survey include:
* Outsourced IT is a Major Concern: As companies look to reduce costs based on economic factors in 2009, outsourcing will continue to be an attractive option for efficiency gains. The security risks associated with outsourcing are tremendous according to survey data. The top risks posed by outsourcing according to IT security (50%) and IT operations (59%) respondents is the exposure of sensitive information to third parties and the threat that that data will be improperly protected in transit.
* Data Breaches and Cybercrime are on the Rise: Survey results indicated that the biggest concern relative to data loss is the threat of data making it into the hands of cyber thieves (46% for IT security and 24% for IT operations), thus wreaking continued havoc not just on the customers whose data was stolen but also on the organisations responsible for that lost data. IT survey participants reported that 92% of the organisations have experienced a cyber attack. The injury to corporate brands as a result of a major data loss incident is critical, especially in an economic downturn
Workforce Mobility Contributes to Data Loss: IT security and IT operations' respondents (96% and 91% respectively) agree that employee mobility introduces a significant threat to securing corporate data as it diminishes IT's ability to properly identify and authenticate remote users on the network.
* Emerging technologies - Web 2.0, P2P, virtualization and cloud computing - are growing in prevalence with Cloud computing causing the most concern: The influx of new technologies - both business and consumer technologies - has opened additional avenues for cyber thieves to steal trade secrets and confidential business information. Cloud computing came out on top with 61% of respondents ranking it as a major security concern among the emerging technology trends. Virtualization was perceived as the least concerning at this time, though survey respondents cited all of these types of technologies as key concerns in the next year, where the increased risk to expose sensitive data ranked highest among both respondent groups.