/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsThe year gone by opened with Operation Auroraa cyber attack that targeted a few dozen fortune 500 companies; followed by WikiLeaksone of the biggest data breaches ever seen, that exposed thousands of secret US government documents; and was punctuated with no less than Stuxnetone of the most sophisticated cyber attacks ever engineered that was capable of bringing down several nuclear sites in Iran.
While no crystal ball can forecast what the next big security risk will be, lets take a look at the current state of IT security, and outline some of the major IT security trends.
/dq/media/post_attachments/67c6cdba78282f2597479f128164d9bdb10180346fc71767de1751617c9734f6.jpg)
Trend #1: VirtualizationThe Rush Continues
According to a Morgan Stanley study, CIOs will continue to massively virtualize their production servers in 2011, upto 55% compared to 42% in 2010. An Information Week survey from June 2010 reveals that 28% of companies already have private clouds in place, and 30% of them plan to have one.
Yet the virtualization trend still brings forth numerous security issues. The lack of specific, virtual network skills in security teams and the high cost of new information security solutions are two of the main obstacles outlined by decision makers. In addition, the regulatory compliance issues, lack of security best practices for server virtualization, and the fact that one cant import the existing security tools from physical to virtual world, are seen as additional challenges holding back the move to virtualized environments.
Trend #2: Cloud Computing
Cloud computing, like virtualization, represents a very big challenge for security. Enterprises should be warned from the risk of plunging too quickly into the trend. According to Morgan Stanleys 2010 CIO cloud survey, data security and loss of control appear as enterprises greatest concerns when it comes to cloud computing followed by data portability and ownership, regulatory compliance, and the question of reliability.
Trend #3: IT Consumerization and Mobility
Consumer hardware, such as smartphones (for example, iPhone, BlackBerry, or Android devices) and consumer services, such as online instant messaging, social networking, and IP telephony (Facebook, Gmail, Twitter, YouSendIt, MSN Messenger, or Skype) have now found new functionality in the workplace. This trend is also called IT consumerization.
Integrating all these private devices, applications, and technologies into the enterprise brings distinct security challenges. In particular, enterprises must ensure that all corporate data and resources transiting on these mobile devices or services are protected, while guaranteeing their employees with access to the network anytime, anywhere!
Trend #4: Threat Sophistication
Many internet attacks spread by using automatic robots that scan the web for possible vulnerabilities, making everyone a target for such exploits. As a result, attacks are becoming harder for the average businesses to detect.
In 2010, over $2 bn financial loss was reported due to cyber crime.
Trend #5: IT Consolidation and Security Complexity
Managing the complexity of security is a growing concern, frequently raised by organizations of all sizes. According to the InformationWeek 2010 survey of security decision makers, it is by far the biggest information and network security challenges companies face currently.
Security environments today have become more complex than ever, as businesses constantly struggle to raise their level of security and cope with the latest security threats. As they add more layers to their security infrastructure and deploy a variety of point products for specific protections, organizations often end up managing 15 different systems, vendors, and platforms. Not only does this become very difficult to manage, it is also not very efficient and can be very expensivefinancially and operationally. Administrators need to manage a multitude of network security technologies and point products, such as IPS, firewall, VPN, antivirus, antispam, network access control (NAC), data loss prevention (DLP), and URL filtering, etc. Not only do organizations need to deploy these various technologies on the network level, but are also faced with managing these protections on a growing number of endpoints, such as smartphones, laptops, and other portable devices used for business.
Trend #6: Data Security and Data Loss
From customers databases, credit card information, business plans, and financial records to corporate emailsthe amount of electronic data is clearly proliferating within enterprises. Safeguarding these multi-gigabits of sensitive data is an absolute must for businesses, if they dont want their innermost corporate secrets to be leaked and exposed to the outside world.
The major sources of data loss across organizations and enterprises include: USBs and laptops, corporate email, public webmail, Wi-Fi networks, CDs and DVDs. In fact approximately 1 of 5 emails that leave the corporate network contains content that poses a legal, financial, or compliance risk. Luckily, there are security measures, such as media/hardware encryption or a preventative data loss solution that can help organizations alleviate that risk. The WikiLeaks case should serve as a reminder to all companies about the need for a layered and holistic approach to data security.
Trend #7: Web 2.0 and Social Media
/dq/media/post_attachments/8629573b1c1f2ca79fb60387faaef1e96ad65b4c62bb1fa7014297cd494138e6.jpg)
An average user spends about a quarter of his working day surfing the web, sharing content, downloading files, chatting, blogging, or watching online videos. Facebook, which is the leading social network portal, has become the third largest populated application platform in the world and monopolizes about 7% of all business network traffic every day.
Businesses should prepare to face the increased risks associated with enhanced social networks and Web 2.0 application usage. According to The Economist, 45% of the 100 most popular websites support user generated content, and 60% are infected with malware. In addition, many web applications present vulnerabilities, for which no patches are supplied by vendors. Therefore, in 2011 it will be vital for enterprises to start reinforcing their and their employees security policies. This level of application control enables organizations to enforce better, more effective security, without inhibiting employees.
Because traditional tools like IP based firewall policies and URL filtering have reached their limits in the Web 2.0 environment, organizations need new security controls that can differentiate between the thousands of applications running on the internet.
Trend #8: Governance, Risk and Compliance: Enterprises Bottleneck
Enterprises are under a regulatory compliance overload, not to say, overdose. Organizations today not only struggle to keep up with the various vertical regulations, but also with a variety of state laws, EU directives and other local data privacy and data breach notification laws. Public companies, for instance, need to adhere to Sarbanes-Oxley Act (SOX). Healthcare organizations need to adhere to Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health (HITECH), as well as PCI Data Security Standard (PCI DSS). Financial services institutions need to adhere to Gramm-Leach-Bliley Act (GLBA), as well as BASEL II. Those are only for the most common and standard regulations.
According to the Information Week 2010 survey, industry and government compliance mandates are the most influential factors driving security programs today. As companies start massively virtualizing their data centers and IT environments, the level of security complexity will continue to rise.
Trend #9: Cost Reduction
Despite the economic recovery in progress, businesses are still under pressure to drive down infrastructure and operational costs. IT budgets remain tight, and CIOs are looking for the biggest cuts in their budget line itemscurrent operating costs. For IT administrators, this translates into a simple adagedo more, with less.
Maximizing their security spending, optimizing security resources, and getting the most out of their security systems and infrastructure will be crucial for businesses in 2011. In an effort to maximize return on investment (RoI), one can expect enterprises in 2011 to be more inclined to look at must-have technologies, rather than nice to have technologies and most importantly, solutions that can evolve as their business grows and as new threats emerge. Given the increased financial pressure on enterprises, the spotlight will certainly remain on cost saving technologies, such as virtualization and cloud computing.
Trend #10: Green IT
Last but not the least, Green IT remains one of the top 10 trends that will be emphasized in 2011. With soaring energy prices and increased awareness of the danger to the environment, organizations will have to get serious about the migration to green technology. Yet this green IT trend is also conveniently used by savvy IT leaders to marry ecological aspirations with financial reality.
The Challenge Ahead
Keeping up with all these different trends and meeting the various requirements is a huge challenge for enterprises. The 2011 IT administrators checklist appears very long, including meeting IT governance, risk and compliance (GRC) requirements; preventing the loss of sensitive data; securing and managing Web 2.0 applications; securing all fixed and mobile endpoints; protecting against attacks and evolving threats; securing the virtualized and cloud environments; and reducing the IT spending.
Enterprises trying to address these various security challenges need a different approachone that instead of offering a plethora of different security products, addressing each problem one by one, would rather help them build a flexible and extensible infrastructure that provides security for all these different areas, and can grow with the organizations evolving security needs.