2012 Predictions: Security
In a year that saw many areas of IT spending stagnate, a recent survey from TheInfoPro, part of analyst firm The 451 Group, found that 39 percent of businesses increased their IT security spending from 2010, while only 15 percent decreased budgets. Happily for the channel, almost the same figures are projected for 2012.
Nobody was safe in 2011
One reason that firms are increasing spending is that misguided complacency has taken a knock. 2011 was a year when it became absolutely clear that nobody is immune from cyber-attack. The most shocking example for many people was the breach at RSA. Considering the firm is on the top table of security vendors, the fact that hackers were able to steal information that could be used to compromise the security of two-factor authentication tokens used by 40m employees was an eye-opener.
Other brands that maybe should have known better saw attacks that led to embarrassment and huge financial losses. The Sony PlayStation Network was hit multiple times in a recurring nightmare that has cost the firm potentially tens of millions in lost revenue and enduring brand damage.
If Sony and RSA should have done better, then 2011 also saw another shocker as a quartet of Certificate Authorities all fell prey to attackers. As the guardians of third-party trust, Comodo, GlobalSign, Digicert (Malaysia), and DigiNotar caused massive disruption as enterprises, and in one case an entire government e-system, had to tell users not to trust critical online and digital signatures.
The year has seen much public finger pointing at nations such as China with hints of state-sponsored cyber warfare coming from leading security experts. However, it was “the kids” that probably got the most news headlines as the theft and subsequent publication of sensitive documents went hand-in-hand with website defacement and other forms of “hacktivism”.
But it has not just been mysterious external hackers out to plunder and pillage. Insider threats and sheer carelessness have been rife this year. Our own Information Commissioner’s Office has had a field day with organisations losing laptops full of data, poor data retention policies and even insiders selling personal data from estate agents to bingo halls. But it’s not just servers in datacentres; in 2012, security is increasingly on the road…
Focus on Mobile Security
As the number of mobile devices overtakes fixed PCs, there has been an influx of new products from the top-tier IT security vendors aimed at protecting the millions of smartphone users. The first generation of products has been derided in some quarters as less than robust, but 2012 promises to be a year when mobile security will be a hot ticket.
“One thing we can say with absolute certainty is that data loss is not going to disappear anytime soon,” says Nick Banks, VP of sales EMEA & APAC for Imation Mobile Security. “In 2012 the growing reliance on mobile working and increasing risks to the endpoint will mean that companies who do not make a serious commitment to data security will be caught out. CIOs should also remember that compliance is really only a minimum standard, so they should be going over and above that level to safeguard their data in 2012.”
As it becomes more acceptable for workers to use their personal devices in the workplace, the security risks are increasing. According to recent figures from Kaseya, nearly one third of European businesses still have no usage policies in place for mobile devices.
Addressing the challenges of mobile devices on the corporate network has become a mission-critical operation for IT staff. IT departments will need to ensure they are able to securely and easily allow access to their network from mobile devices, whether these are laptop computers, smartphones or the increasing number of tablets on the market. The challenge for IT departments is to allow full device management across the plethora of products now available and being introduced to the company by employees.
Marcus Jewell, UK country manager at Brocade, believes, “we will see at least one high profile security disaster as a result of this trend, and that will act as a wake-up call for companies to get proper security processes in place before unlocking their networks to all and sundry.”
2012 will see all the main vendors bring out 2.0 mobile security products that will start to tie up areas like protected app stores, encryption policies, DLP and even integration with device tracking. The channel needs to understand these products and related skills. With an estimated 20 million smartphone users in the UK alone, it could be a bumper time for the partners with the right skill set.

