What will drive budgets in 2012?
How will these changes in technology, mobility and infrastructure affect spending? The implications for spending due to the growth in Cloud computing are ambiguous. Google might say that the growth in Cloud computing should help drive down costs by effectively outsourcing security in some functions.
However, the Cloud’s rise has included social media and one organisation more than any other, WikiLeaks, has shown to the board the risks of information leakage.
“There is a lot more awareness of information leakage,” says Girn. “WikiLeaks has opened the eyes of executives for the potential of information being lost through a CD, for example.”
The device or medium that enabled the leakage is one thing, but Girn emphasises that it’s the overall technology environment, including the Cloud, that has executives worried.
“A lot of people realise that because of social media, the bad news, such as an information leakage or a hack, can spread in seconds, as seen in WikiLeaks. So it’s not just the loss itself, but the realisation from executives that it could happen to us and our brand will lose its reputation if one of our employees placed information on a CD and posted it somewhere.
“The questions executives and boards should be asking are: ‘Could an employee download the entire customer database? What controls are in place to mitigate risks, and what is the quality of these?’ And so organisations are placing a lot of importance on education and electronic ways of minimising brand damage.”
Add to this the intense expansion plans of companies globally into countries such as China, where opportunities are juxtaposed against a higher data risk profile, and Girn believes spending more on security is on the agenda. The question is where and how.
Alan Paller, director of research at the SANS Institute in the US, believes there is an opportunity now to grow security budgets and grab the attention of CIOs, with the profile of data security the highest it has ever been thanks to some security threats getting mainstream media attention due to their geopolitical implications.
“The biggest threat is also the biggest opportunity. CSOs have implemented firewalls and anti-virus and patching regimens, but these have failed to stop the targeted attacks,” Paller tells CSO Australia.
“Their bosses have discovered the failure or will within the next few months. What they do and say when their bosses ask ‘What are we doing to stop these attacks?’ — as Ian Watt did when he was secretary of Defence in Australia — will shape or shorten the careers of these CSOs.
“Many [CSOs] may think that they won’t have to deal with it because their CIOs and boards don’t pay attention.”
But this view is wrong, says Paller, noting that “the mainstream press”, such as television program 60 Minutes, are paying attention thanks to viruses like Stuxnet.
Data leakage prevention technologies (DLP) have long been touted as the solution to the risk of data flowing out of the organisation in an uncontrolled manner, but Da Silva says he would only recommend companies buy DLP when it is supported by already established practices.
Budgets for DLP must include assessing current security program gaps such as asset valuation, information classification, inventory and how to manage policy deviation, he says.
“This will clearly identify what needs to be protected, regardless of use, location and time. It is obvious that not everything can be protected. Not everything should, and the efficiency of DLP is also related to how and where you implement the sensors. It is also supported by cryptographic solutions which are used to ensure the information can be used, stored and transmitted securely,” he tells CSO Australia.
On the other hand, Rothman argues, “There is no specific technology to deal with persistent, well-funded, patient attackers.
“We do like full packet capture technologies because they provide a depth of forensic capabilities not possible using just event logs. But we advocate that enterprises focus much more on detection, rather than prevention, which includes all sorts of monitoring because the attackers will be successful, sooner or later. It’s up to the security team to shorten the window from attack to detection.”