Food for thought to kick off 2010. The convergence of these trends (listed, in my opinion, in order of impact) will radically reshape the future of information security – both the vendor landscape and how we architect and manage information security internally:
- Convergence onto Security Platforms: The movement of related security controls into “security platforms” capable of being adapted to new types of threats. We see convergence taking place in multiple areas in information security – at the endpoint, at the email security gateway, at the web security gateway, at the next-generation firewall and, for small to midsized organizations, the multifunction firewall.
- Virtualization: This is a topic I research extensively. Beyond just deploying virtualization securely, the virtualization of security controls (like firewalls and intrusion prevention systems) will alter the information security landscape. Beyond this, virtualization offers a new platform to enforce security controls in new ways – such as introspection techniques for rootkit detection.
- Cloudification: The enforcement of our enterprise security policy via security controls and infrastructure that we don’t own. This isn’t necessarily new, but the other trends listed and enterprise adoption of cloud-based applications are forcing this. Cisco’s recent acquisition of ScanSafe or Barracuda’s acquisition of Purewire to extend their on-premises capabilities are timely examples. Other examples include the use of cloud-based web application firewalling or cloud-based filtering of web and email traffic.
- Externalization: The tearing down of walls between businesses and the opening up of our information, processes and systems to outside parties – whether these are contractors, outsourcers, partners or customers. Nearly every enterprise I speak with is being asked to enable and foster secure collaboration with external entities. The massive uptake I see from clients using SharePoint in extranet scenarios is a testament to this.
- Consumerization: The use of consumer-oriented technology (systems and software) for business uses. Examples include the connection of iPhones to enterprise systems, remote access via personal machines and employee demands for access to Facebook, LinkedIn and other consumer-oriented sites in a business context. Combined with Externalization (#4 in this list), this implies a large number of systems that we don’t own and don’t manage connecting to our systems and networks.
- Operationalization: As threats become well understood and the technologies we use to protect our infrastructure become more mature, these can be turned over to IT operations. Examples include endpoint antivirus being managed by desktop operations, antispam and email security gateways being managed by the email ops team, firewalls being managed by network ops and so on. This is the only way we’ll free up enough of our limited information security resources to tackle the new and emerging threats that relentlessly continue.
Are you ready? Are your incumbent vendors?