IT security continues to lead the lists of IT managers' technology concerns. In 2009, several long-standing security trends are continuing, while some new ones are rising to prominence.
1. Data loss: The ever-increasing use of the Internet for sensitive business applications leads to a rise in data loss and theft. SaaS (Software as a Service) poses a significant security challenge because companies are adopting it rapidly, and it presents a channel by which hackers can gain access to corporate data. SaaS users must be concerned not only with their in-house security but also with the security measures taken by their Internet carriers and the SaaS provider.
Mobile computing and portable storage are another vector by which data can be lost or stolen. Today, sensitive corporate data and applications may be stored on laptops, PDAs, smart phones — even iPods. Thumb-sized flash drives and other highly portable storage media carry data from office to office and from office to home and back. Accidental losses and deliberate thefts are making news almost weekly.
2. Insider threats: The security challenges posed by employees who routinely bring work home and travel with sensitive data is on the rise as more employers offer flexible working arrangements. IT security managers are gradually extending their policies and procedures to cover non-office environments and are hardening the perimeter of the corporate network against insider threats. These threats may include viruses and other malware acquired by employee-owned IT equipment that connects to the corporate network. As the number and variety of such devices proliferate, IT security managers face greater complexity and resource expenses.
The recession puts greater pressure on employees' personal finances, making them more vulnerable to bribes and independent decisions to steal and sell corporate secrets. No company can afford to rely on trust alone. Rigorous security and auditing procedures can help deter data theft.
3. Organized crime: The Information Security Forum, a UK consortium of large businesses and government agencies, is warning of a trend from random hacker attacks toward more targeted, purposeful industrial espionage and terrorism by organized criminal operations. These groups see online crime as highly lucrative and relatively low-risk.
Hackers who once probed and penetrated corporate IT security defenses for the challenge are now being hired to go after specific targets of information within companies of all sizes. Being small and relatively low-profile is no longer a hedge against cybercrime.
Keystroke loggers, phishing exploits and other malware typically introduced to corporate networks via the Internet are expected to increase throughout 2009.
4. Crime by software: White-collar crime such as fraud, insider trading and market manipulation will rise as the economic downturn drives more people to desperate measures. This sort of crime may be abetted by sophisticated software. For example, botnets of several thousand "enslaved" computers, taken over by downloaded malware, may be used to simultaneously steal small bits of money from many people's bank accounts or credit cards. The illicit transactions are so tiny and numerous that it becomes nearly impossible to trace them all.
5. Endpoint security: Endpoint security will become more sophisticated as companies continue to focus on securing the perimeter of the corporate network. Anti-virus, firewall and other endpoint security applications will be popular upgrades this year. Regulatory and compliance issues will help drive the trend toward beefing up endpoint security.
6. Privacy protection: Greater emphasis on privacy protection will be driven primarily by legislation, but also by heightened concerns among customers and consumers. The new Administration is expected to place greater emphasis on information privacy than the previous one. Customers' credit records will be protected to a greater extent, and companies that hold such data will be subject to greater scrutiny and compliance requirements.
7. Cloud security: 2009 will be a boom year for managed security services. Many organizations, strapped for cash and staff, will turn to outside specialists to provide end-to-end, round-the-clock security services. Cloud computing vendors will also take the initiative to increase and heavily promote their security measures.
8. Virtualization security: As server and desktop virtualization proliferate, security issues such as role-based access control, virtual server identity management, virtual network security and reporting/auditing will come to the fore. Vendors including Citrix, Microsoft and VMware will roll out new products and partnerships to address the growing security needs of the virtualized IT infrastructure.
9. Secure software: Most hackers target known vulnerabilities in popular software applications. 2009 will see a redoubling of software developers' emphasis on designing code with fewer security vulnerabilities right out of the box. Security patches will be issued more frequently. Managing security updates will assume greater importance in every organization.
10. Ubiquitous encryption: Long an optional add-on, encryption is becoming a built-in feature of software and hardware systems. Tape drives now contain cryptographic engines, as do disk drives from Hitachi, Fujitus, Seagate and other vendors. Intel is expected to release its vPro chip set in 2009 that also supports on-board encryption. Multiple layers of encryption will become the norm in IT security schema, battening down the hatches but also demanding more enterprise-wide processing power.
In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more
Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more
For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more
With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more