Operating in a hyper-connected world, the major concern that is foremost on the CIO's priority list is security. The emergence of convergence technologies, mobility and new delivery models like cloud has only further spurred the growth in security.
Notably, spending on security during the GFC was not compromised and is unlikely to happen going forward.
In 2010 there was a spate of security breaches in which customer data was exposed in a spectacular way. There was of course the infamous Vodafone breach and St George bank's breach of customer accounts, as well as unauthorised access by Medicare staff to client records. All of which, no doubt, will have proven to be costly to organisations. It is hardly surprising that the focus for companies will be on protecting and preventing data leakage. A survey undertaken by IDC in 2010 indicates data leakage and protection is the number one concern for IT managers.
What we will see this year and next is a greater emphasis on securing the Web, Cloud, business processes, endpoints and an increasing focus on the mobile enterprise, all of which will drive spending in data leakage prevention, compliance, messaging/Web security,end point security and encryption.
The Web environment will be of particular focus; the rate of change in the realm of the Web makes it difficult to stay up to date. The attack method of choice for online criminals is now a combination of spam with embedded URLs which link to amorphous “Cloud-based” criminal sites that push malware down from the Web onto victim's PCs and likely, in the near future, mobile devices. Millions of new Web URLs are created every day solely for the purposes of infecting unknowing Web end users with Trojans and malware or to pull them into other types of social engineering schemes.
The Web is a complex dimension and IT operations departments are beginning to understand that it is critical to treat it differently. Keeping up with the Web environment, however is challenging — which is why we are likely to see the use of more SaaS-based security solutions, this year and going forward.
Collaborative applications and technology will drive enterprise security.As a result we will see Web security technology become an increasingly critical component to an enterprise's security infrastructure as more enterprise business processes move to Web-based applications and Web 2.0-based collaboration tools proliferate among end users. As always, the “baddies” are using the same technology as the “goodies” and in some cases a lot better! At the moment they are capitalising on Cloud Cloudbased technology, scalable, inexpensive, on demand, and widely distributed computing platforms.
Revived interest in network security
Network security has seen a revived and renewed interest in UTMs, IPS,and content management appliances. This is largely due to securing the private Cloud on premise in the customer environment and the service provider's data center.
Ultimately, it would be untenable to consider cyber security separately from business operations, especially in a hyper-connected enterprise. The cyber world and business operations are converging and this will need to be reflected in a sound security framework, which includes business processes as well as covering Cloud, Web environments and mobile communication environments.
By Marina Beale Marina Beale is IT Services and Software Research Manager with IDC's Services and Software Research Group, based in Sydney,Australia. She is responsible for IDC’s IT services and software research, with a strong focus on security in Australia. Part of the research is to track and to provide insight and analysis into these markets, as well as identify changes and emerging trends.