Enterprise Security: What is new?

Date: Thursday, September 08, 2011

Although the economic recovery is slow and long, initial signs of improvement have made large and small enterprises alike wonder what the future holds for companies and people in IT. The uneasiness and pessimism that have been plaguing the industry for the last few years are being replaced with a general sense of guarded optimism. Enterprises have opened their kitty and have started to invest in new technologies and business models to become leaner but more efficient. New M&A activity is providing companies with greater multiples than were possible just a year ago. The spotlight today has shifted from companies brooding over the lack of economic stability to the technology advances they are making.

Although the industry has yet to reach the level it was at prior to the downturn, the last two years have shaped up to be more positive and promising for budgets and IT employees. As such, security will remain a hot issue and an area of increased focus for all companies that need to protect their proprietary, business-critical information.

Securing the Virtual World

The trend toward operating in a virtual environment will be led by business benefits and raise many new security and management challenges this year. If implementation tactics are not thought through and potential new exploits not considered, virtualization could become a technology lever that an attacker can easily abuse. Incidents such as thefts, replay attacks, and unauthorized access by the virtual machine (VM) administrators themselves will find their spot in the news.

To mitigate these incidents, organizations will need to thoroughly plan virtualization efforts and place significant emphasis on securing the infrastructure. Ultimately, advances in security technologies will afford the opportunity to automate many of the activities associated with deploying a virtual infrastructure and the applications that operate within it. Implementing the appropriate security controls in a virtual environment must account for the dynamic nature of virtual machines themselves while simultaneously overcompensating for the barrage of novel exploits that are sure to follow the new technology platform.

A shift towards Cloud Computing


Cloud computing is reshaping the traditional understanding of IT infrastructure. Elastic computing provides a compelling business model that helps drive the adoption of cloud-based application deployment. However, IT executives running and maintaining these systems in 2010 will quickly learn that this shift can eliminate all the fundamental infrastructure controls that have been in place within their own data centers.

As cloud computing capabilities, services, and offerings expand and become more robust, the popular platform will also become a favorite target for rogue attackers. Cloud providers and cloud-based applications will be tested with typical assaults that have consistently played out in the media, but they will also start to face more sophisticated attacks that threaten the data in use, opening the door for a serious breach.

More than ever, organizations will need to intensively monitor and manage access to critical information assets in all facets of the organization, employing proactive warning systems to avert critical incidents and limit exposure of credentials and vital information that live in the cloud. Identity management will continue to be a significant IT initiative in 2010, as the hard times of 2009 illuminated the need for tighter security controls over access to devices, systems, applications, and data. Many solutions exist to help end users maintain their identities and passwords across systems. To best protect proprietary information, companies need to identify and understand the different types of privileged accounts they employ so they can implement the best security solution(s) to meet their needs.

Identity solutions will move further towards application-centric identity from the suite providers while maintaining efforts for open, interoperable solutions. Similarly, role management will move towards providing a single authoritative source of role information across the network, rather than for each application.

Mobility through Smartphones

Smartphone dependence has increased at an enormous rate. Because smartphones are heavily relied upon for many business and personal uses, it is only a matter of time before they create weak points for business applications as attackers target their Java and browser implementations. The rise of innovative and varied attacks is inevitable, as a smartphone is just as likely to become a zombie device in a distributed denial-of-service (DDoS) attack or to be infected with malicious code that siphons data or performs keylogging. This year saw reports of the first examples of sophisticated phone-based attacks, in which several thousand Google users' information was stolen over the Android platform. As a result of such specific breaches, enterprises will set a precedent for placing tighter restrictions and controls on the type and usage of smartphones with corporate applications.

Although IT has been constrained over the past few years due to the economic environment, the current environment appears to be the turn at the bottom of the curve, with budgets slightly increasing rather than declining. However, IT groups will need to remain frugal and diligent in their spending and stick to the fundamentals when it comes to security and business operations. If companies can meet this challenge, one could expect 2012 to be a larger budget year than 2011.