2015 Trends for Information Security and Data Protection
Thursday, January 15, 2015.
Today, global IT services and solution provider Dimension Data, revealed that regular security ‘fire drills’ are necessary for enterprises to fully understand the appropriate course of action in the case of a security breach.
Dimension Data suggested that senior management and risk committees should support such security measures, to be able to adequately anticipate and combat IT security breaches. This is the top trend on the list finalised by Dimension Data's team of over 700 security experts, following daily interactions with clients.
Dimension Data warns that technologies and services should be focused on response to incidents, in addition to prevention, and that ensuring this change occurs should be high on the agenda for security professionals in 2015.
As more organisations worldwide begin to mobilise across all lines of business, the threat of security breaches and corporate data loss has become more severe than ever before. IT departments now have to secure even more platforms, systems, access points, devices and applications across mobile channels, which raises challenges within the enterprise that require extensive dedicated efforts.
The concept of regular rehearsals for these types of incidents will ensure that IT and management teams are fully prepared for what action will need to be taken, reducing the risk and potentially saving valuable corporate information from being compromised. Some examples of the type of action included in these ‘drills’ are recovering evidence, identifying and resolving the root cause of the incident and conducting forensic investigations.
Speaking exclusively to Enterprise Mobility Exchange regarding the importance of these trends to organisations’ mobile deployments, Neil Campbell, Group General Manager for Dimension Data’s Security Business Unit said, "Mobile devices come to the fore across all of the trend areas, as they are often outside corporate network boundaries, and therefore need to leverage agents and cloud services more heavily than desktop systems.
"From an incident response perspective, the mobile devices need to be independently capable of meeting the majority of an organisation’s security policies – with the remainder being addressed by cloud or back-to-base services – and identifying compromises in order to reduce the duration, scope and impact of any incident."
Campbell continued, "The tools to react remotely already exist, ranging from de-authorising devices through to completely wiping their contents. We may, however, see a resurgence of mobile device-focused data leakage prevention technologies and forensic agents for mobile devices. These two technologies have existed for years, but uptake has been limited to a very specific set of use cases."
In addition to this, Dimension Data highlighted four other trends which should be top priorities for IT security professionals in 2015.
Managed security services move front and center: Identifying IT security incidents early enough requires round-the-clock coverage of networks for many businesses. Due to restrictions such as limited resources, manpower and the need for frequent training updates, this can be difficult and very costly.
However, to become truly proactive towards incident response, organisations need visibility of other networks and to be kept abreast of attacks occurring elsewhere. Many businesses lack the necessary skills to detect and effectively respond to these problems effectively.
Managed security services provide enterprises with teams focused specifically on both monitoring and identifying potential threats across multiple networks and channels, adding reinforced preparation for impending attacks.
IT security gets cloudy: SaaS solutions are expected to continue to be utilised for security in 2015, as the adoption of the cloud rises to give businesses more flexibility, scalability and ease-of-implementation. Security protocols within these services will become increasingly important as more organisations migrate their workloads to the cloud.
Cloud providers are expected to invest heavily in building solid network architectures that support the full scope of security controls, to assure organisations that enterprise-grade security solutions are in place to protect their assets.
However, further efforts will need to be made in 2015 to ensure that human error is less detrimental to the security of corporate information, mobile access to the cloud is adequately supported and integration with existing policies and processes is less disruptive.
From security technologies to secure platforms: This year is also expected to see the notion of security being a secure platform, rather than a series of point products or devices on the network, gaining more momentum. The emphasis on IT security will be to deliver a secure platform that allows the business to confidently run multiple applications in a secure environment.
Campbell added, "In line with the move to MSS and SaaS, we are going to see data becoming the focal point of security efforts, rather than devices, and that will introduce more application-centric controls, to the benefit of mobile users and the kind of dynamic provisioning, cloud-based services that are well suited to the mobile workforce. Having said that, the mobile device will be a key part of a data-centric security platform, and will require additional controls including both protection and response capabilities to be embedded."
Endpoint security back in vogue: The industry is also expected to reignite interest in endpoint security, with security professionals looking at devices such as PCs, laptops and smartphones for indications of potential compromise. This will consequently enable some form of incident response process, with deployments to the endpoints making the process quicker and easier.
Enterprises must be proactive about managing the impact of compromises coming from the endpoint source, establishing as much visibility, awareness and control as possible.