IT research firm, Burton group in a report has revealed that the IT threat environment is much more sinister, in which the majority of externally originated attacks are not just criminal in nature, but targeted and intentional. The report said this combined with compliance, software consolidation, mobility, and service-oriented architecture (SOA) calls for enterprises to focus heavily on effective security governance. The report highlights the top IT security issues enterprise organisations should watch.
"Enterprises are not only under pressure from cybercrime and insider abuse, but are facing increasing and evolving compliance demands - highlighting the importance of establishing effective and measurable security programs," said Dan Blum, senior vice president and research director.
The report also points out that the security software market is going through consolidation and change, as major vendors increase R&D, integration and acquisition efforts. Large platform vendors such as Microsoft, Cisco, Novell, Oracle and EMC are entering the market with their own offerings, even as traditional software security specialists such as CA, Checkpoint, IBM, McAfee, RSA and Symantec step up their efforts.
Blum speculates that there is also considerable funding and opportunity for innovation, especially as organisations are adopting mobile computing technologies on a massive scale and moving towards zoned network architectures featuring internal perimeters.
The report said vendors are building converged perimeter devices and Carriers and service providers are becoming more assertive in the information security services market. Organisations are taking various approaches to the problem of network admission control for mobile and local devices.
Another tipping point in the industry is application security. The report revealed that SOA heralds a sea-change in software deployment and efforts are underway to secure web services.
Fig. 1: Service Orineted Architecture (Source: www.ibm.com)
The need to increase identity assurance is recognised across multiple industries. Provisioning deployments are proliferating and identity federation is ready for prime time. More enterprises are turning to role-based access control and fine-grained authorization to enforce data and application restrictions and comply with a variety of regulations.
"Organisations are under the gun to build a security management "control layer" that can control and monitor a welter of mismatched, feature-crammed technologies and tools," says Blum. "Wider use or improvement of existing standards and creation of new standards for control and feedback is imperative to facilitate interoperability among these systems," said Blum.
With so much to consider, Blum emphasises that security technologies must be deployed in accordance with a well-thought information security architecture. "Enterprise technologists must look beyond the confusion to build an effective security control layer and to construct a comprehensive information security architecture," he added.
|
