Ah, security, the word that’s on everyone’s lips. Necessarily, it seems, from the almost-daily reports of data breaches we keep on seeing.
Things are only going to get more complicated for security professionals as new technological and social trends emerge. Think about virtualization, the cloud, social networks, twittering, and the readiness of people today to put their information on the Web for everyone to see (and possibly steal and misuse).
IBM has come up with a list of nine trends that will shape the security environment over the next five years.
Here they are:
1. Securing virtualized environments — always a headache, because the traditional approaches result in so much network chatter that they gulp down bandwidth like it’s going out of style;
2. Alternative ways to deliver security (think pre-packaged solutions such as real and virtual appliances, cloud-enabled services and software as a service, the last being why Symantec acquired MessageLabs);
3. Managing risk and compliance. Lots of vendors are bringing tools for this because it’s such a lucrative area. Security is increasingly a matter of managing risk because it’s not a question of whether an enterprise will be hacked, but when, so companies have to devote more resources to protecting the most mission-critical applications and take a strategic approach. As for compliance, the operative phrase is “Guard your data.”
4. Identity governance. If you have accounts on multiple social networks, and multiple e-mail accounts, and most of us do, you have multiple digital identities, which means individuals and businesses will need to manage these.
5. Information security — the need to base decisions on secure, high-quality information sources becomes important, and companies like Informatica, which cleanse and unify data, become increasingly important.
6. Predictable security of applications — service oriented architecture, which leads to Web-based composite applications, is all well and good, but it creates new points of vulnerability that have to be guarded closely.
7. Protecting the evolving network. Hackers are increasingly attacking applications, and one of their favorite targets is databases, which they hit with SQL injection attacks. One of the most prominent victims of this was Businessweek — one of its Websites was hacked to redirect visitors to a Website containing malware.
8. Securing mobile devices — as mobile devices become a trusted channel for conducting business, they will become the focus of attacks. Various sites on the Web, including this one, talk about how to hack different types of mobile phones.
9. The convergence of IT and physical security. Digitization, advanced analytics, correlation and automation help improve a physical response to security breaches. Early versions of this are motion sensors and video cameras linked to the police or a security firm.
Implementing all nine approaches is a tall order for any enterprise but, as the number of attacks increases and the bad guys get more sophisticated, the need for a co-ordinated, wide-ranging security policy will grow.