Neil MacDonaldAs I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for.
Are you ready for the point where:
- More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about our internal systems and information opened up for collaboration and inter-enterprise processes).
- More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on)
- Even on networks we do control, the majority of devices that connect won’t be devices we own or control (mobile devices primarily, but also including contractor machines, employee-owned laptops and so on)
- The majority of server workloads connecting to our network will be virtual machines, not physical machines.
Some of you are already experiencing these. All of these will challenge our traditional assumptions about information security. I’d be interested in your thoughts, including any you think I might have missed.
Category: Next-generation Security Infrastructure Tags:
3 responses so far ↓
1 Are You Ready for These Security Inflection Points? May 8, 2009 at 1:58 am
[...] News Sources wrote an interesting post today onHere’s a quick excerptAs I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for. Are you ready for the point where: More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about our internal systems and information opened up for collaboration and inter-enterprise processes). More than half of our employees sp [...]
2 Allen Baranov May 12, 2009 at 9:05 am
Hi,
I have just completed a presentation on the future of Information Security and then I read this and saw that you are exactly on the same page as me.
Then, I went to an older presentation of mine and found a quote by you.
I think I’m going to add you to my RSS feed right now.
Excellent stuff, keep up the good work!
Allen
3 Mehul Doshi January 5, 2010 at 8:05 am
The organizations using Sharepoint of intranet based applications similar to Knowledgebase be it for dealers, partners, collobrators or its own employees need to provide a access and in the process they share lot of content which are IPR or processes which need to be restricted within the community. Like we have attritions, similarly partners also change taking the IPR along with them.
Mobile workforce is increasing in almost all organizations and it is a matter of time when 60% of the branch employees need to have regional spread using mediums like 3G, wimax, Broaband for connectivity to central site.Hence User now have mobile phones with or without internet, Broadband to laptops for roaming, broad band to homes or branches or using centralized internet via Central office or similar. We hence reach a inflection point of organization having to secure 2-3 medium of public access per user. Are this planned by security teams. The endpoint technology though may be converging best of breed cannot catchup with cybercrimals hence organizations need ADAPTIVE SECURITY models monitored by central security team for all the tiers. This security need to be Database and Application user mapped as this is the areas where all the action or repository access takes place. From Infrastructure element we are talking about linking the endpoints, with Network Security i.e Firewall and authentication technologies. Can we expect the fast growth companies to address this complexity? Vendors need to innovate fast to simplify this piece and while each one needs to do its piece the key owners to this blueprint need to be security organizations as they have the culture to address risk.