Uncertain Future Adds to Security Concerns
Page 1 of 2
As we enter 2009, enterprise IT managers will have even more work to do to focus strongly on securing data in the year ahead. The recession and the move to cloud computing, two seemingly separate issues, will both present challenges in the coming year, says one security expert.
Insider threats will increase as employees, disgruntled at being laid off, may attempt to strike back, Phil Dunkelberger, CEO of encryption vendor PGP Security, told InternetNews.com. Also, governments and enterprises will come under constant attack from cybercriminals who want to get to their data, and the number of data breaches will increase.
"Data is a currency, and, in tough economic times, there is always more fraud, and more people will steal data," Dunkelberger said.
Meanwhile, the move to cloud computing will create more compliance and security headaches, while governments ramp up compliance enforcement. For all these reasons, enterprises will have to secure their data better. "Data is the heart of a business, and all compliance and risk revolves around data," Dunkelberger said.
The focus will change from securing devices, such as servers and disks, to securing data, because the increasingly mobile workforce nullifies security perimeters. "Stuff on your laptop that's encrypted with whole disk encryption is open when you go work on a wireless network in a café," Dunkelberger said.
Dunkelberger suggested corporations implement training programs so employees understand they should focus on securing data, not just the physical devices. However, in tough economic times, training is one of the first areas to be cut.
It's what's inside that counts
The insider threat, always present, will get worse as the massive layoffs due to the recession begin to take effect. In November alone, 224,079 people were laid off, according to the Bureau of Labor Statistics while Rafe Needleman's scorecard on CNET shows that high-tech companies laid off about 112,500, based only on those companies that provided actual numbers.
"Fully half the threats over the past 10 years came from insiders," Dunkelberger said. "IT staff will not be able to oversee them adequately as they are forced to do more with less, and people are cutting out training budgets for security, and these things will put more emphasis on the insider threat than ever before."
Internal breaches, either on their own or in combination with external attacks, were cited as the reason for more than half the cases where confidential data was lost, a survey sponsored by database security solutions vendor Application Security, found.
The security concerns of enterprises will be exacerbated by their increasing use of the cloud, Dunkelberger said. Research firm IDC has predicted that enterprise adoption of the cloud will accelerate in 2009.
As this happens, businesses will lay themselves open to more security headaches, Dunkelberger said. Not only will the cloud offer rich pickings for spammers, but questions of compliance and security will arise.
"Some of your data might be in a cloud in the U.S., some in Europe, some in Asia," Dunkelberger said. "Think about all the different laws, compliance issues and security issues you'll have to deal with on the worldwide Internet. If your e-mails are encrypted and stored in the cloud, how will you do key management? That's going to be a real problem in the cloud."
In cryptography, key management refers to generating, exchanging, storing, safeguarding, using, vetting and replacing the cryptographic keys that provide access to encrypted files or data.
Compliance laws vary between nations, and coping with them on the cloud will become more difficult as governments will begin passing and enforcing more compliance and breach notification laws worldwide, Dunkelberger said.
Europe, for example, does not have breach notification laws, he added. That will complicate things for U.S. companies that store data or do business in Europe as they have to deal with two sets of requirements.
Next page: Online attacks grow