A growing profile for managed services and the adoption of cloud-based security services are among the key security priorities expected to define the market in 2015, Dimension Data security experts have advised based on their regular interactions with clients during 2014.
Topping the list of priorities was the need to focus on incident response as well as incident prevention, group general manager for Dimension Data's Security Business Unit Neil Campbell advised, with organisations encouraged to conduct regular 'fire drills' to ensure that IT and management teams are regularly kept up-to-date with the best response to a security incident.
These responses might include recovering evidence, identifying and resolving the root cause of the incident, and conducting a forensic investigation. “It's inevitable that security incidents will occur,” Campbell said in a statement.
“It's therefore critical that organisations begin to focus on identifying what we call 'indicators of compromise', putting a comprehensive incident response plan in place, and performing regular IT security 'fire drills'.”
Supporting these efforts will be an increased focus on managed security services, which will grow in importance as the task of monitoring an ever-expanding threat base becomes more complex. Since many organisations lack the skills to respond to this threat inhouse, Dimension Data found, embracing managed security services has become a significant priority for many during 2015.
Third on the list of priorities is the shift towards cloud-based IT security, leveraging cloud scalability to deliver security solutions to large numbers of users. Such solutions will also increasingly be used to secure cloud applications, which present new security challenges for cloud providers and users alike.
“It's no good adopting [cloud] only to be told by auditors a year later that your cloud provider's security controls aren't up to scratch,” Campbell said.
“We'll see cloud providers investing heavily in building rich network architectures that support the gamut of security controls, so that they can assure their clients that enterprise-grade security technologies are being applied to their workloads.”
Fourth on Dimension Data's list of priorities for 2015 is the shift from viewing security as a collection of discrete products, as in the past; instead, security will become a unified platform – a 'single pane of glass' – through which organisations can manage their security assets. This approach not only provides more flexibility in security and management of security, but supports organisations' increasing demand to deliver and secure mobile solutions for their users.
Completing the company's list of expected priorities in 2015 is the need to improve endpoint security, which Campbell said has come “back in vogue” as security professionals find their existing security controls aren't as effective as they used to be.
Application control frameworks are expected to make a resurgence in 2015, with a focus on identifying malicious behaviour at the endpoint instead of trying to catch the code itself.
This trend, Campbell said, ties closely with the focus on incident response: “at some point someone is going to click on something they shouldn't,” he said, “so organisations must be proactive about managing the impact of such events.”
“Security professionals will be looking at devices for indicators of compromise, and then enabling some form of incident response. They'll deploy technologies to make incident response easier.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)