Food for thought to kick off 2010. The convergence of these trends (listed, in my opinion, in order of impact) will radically reshape the future of information security – both the vendor landscape and how we architect and manage information security internally:
- Convergence onto Security Platforms: The movement of related security controls into “security platforms” capable of being adapted to new types of threats. We see convergence taking place in multiple areas in information security – at the endpoint, at the email security gateway, at the web security gateway, at the next-generation firewall and, for small to midsized organizations, the multifunction firewall.
- Virtualization: This is a topic I research extensively. Beyond just deploying virtualization securely, the virtualization of security controls (like firewalls and intrusion prevention systems) will alter the information security landscape. Beyond this, virtualization offers a new platform to enforce security controls in new ways – such as introspection techniques for rootkit detection.
- Cloudification: The enforcement of our enterprise security policy via security controls and infrastructure that we don’t own. This isn’t necessarily new, but the other trends listed and enterprise adoption of cloud-based applications are forcing this. Cisco’s recent acquisition of ScanSafe or Barracuda’s acquisition of Purewire to extend their on-premises capabilities are timely examples. Other examples include the use of cloud-based web application firewalling or cloud-based filtering of web and email traffic.
- Externalization: The tearing down of walls between businesses and the opening up of our information, processes and systems to outside parties – whether these are contractors, outsourcers, partners or customers. Nearly every enterprise I speak with is being asked to enable and foster secure collaboration with external entities. The massive uptake I see from clients using SharePoint in extranet scenarios is a testament to this.
- Consumerization: The use of consumer-oriented technology (systems and software) for business uses. Examples include the connection of iPhones to enterprise systems, remote access via personal machines and employee demands for access to Facebook, LinkedIn and other consumer-oriented sites in a business context. Combined with Externalization (#4 in this list), this implies a large number of systems that we don’t own and don’t manage connecting to our systems and networks.
- Operationalization: As threats become well understood and the technologies we use to protect our infrastructure become more mature, these can be turned over to IT operations. Examples include endpoint antivirus being managed by desktop operations, antispam and email security gateways being managed by the email ops team, firewalls being managed by network ops and so on. This is the only way we’ll free up enough of our limited information security resources to tackle the new and emerging threats that relentlessly continue.
Are you ready? Are your incumbent vendors?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.