The arrival of new devices, BYOD, cloud and virtualisation may bring a wave of fresh security threats in 2013
Our predictions for the IT security market start with the premise that cyber-attacks – and the resulting embarrassing and financially-crippling results – are not going away any time soon.
Growing IT security complexity
IT security spending seems to be a market immune from the general economic slowdown. Canalys research estimated the market value at $22bn in 2012, growing by 8.7 percent each year. As a result, many technology vendors want to expand into security.
For network infrastructure providers, the firewall becomes an obvious point of entry. Although the enterprise firewall market reached saturation long ago, new firewalls still keep popping up, as do unified threat management systems (UTMs), and all the incumbent vendors have developed their own next generation firewalls.
Reuven Harrison, CTO of network security company Tufin Technologies, believes this trend will accelerate. “We will see companies from various domains introduce their own firewall, each with enough appeal to support a certain degree of adoption. Enterprises will find themselves with an increased set of management challenges, as they will now have 4-5 firewall flavours rather than the 1-3 they have today.”
This complexity offers an opportunity for the channel in areas like managed firewalls and innovative solutions to help reduce this complexity. “Organisations must streamline the unavoidable spike in complexity and leverage the expanded set of infrastructure offerings in order to ‘future-proof’ their networks in terms of cyber-attacks, compliance, IPv6, and application delivery, for starters.”
One of the ways in which the industry is trying to address complexity of application delivery and security is through IT delivered as a service. The catch-all term used by many is “the cloud” but this resource will also become more of a target for cyber criminals as adoption grows.
“As the use of third-party cloud increases, the association with security exposures, vulnerabilities and hacking will increase, as business owners take on the opportunity of off-setting their own security management responsibilities by migration to external hosting facilities,” is the view of Professor John Walker, chair London Chapter ISACA Security Advisory and CTO of Secure-Bastion. “Cloud should also be expected to evolve toward provisioning more high-end services of Hacker, and Cracker toolsets, in the form of CrimeWare-as-a-Service (CaaS) and metered DDoS on demand, or other such Cracking Services.”
As cloud becomes a target, Venafi CEO Jeff Hudson believes that regulators will get tougher. The CEO highlights that in late 2012, the ICO issued specific guidelines relating to cloud computing – advocating that companies going into the cloud need to have total control, auditability and use encryption with robust key management. The data protection regulator says that businesses will need to comply with the law and has published a guide, which seeks to act as a source of best practice for those organisations considering and/or using a cloud-computing environment.
“Based on the ICO's previous track record, we believe these guidelines are a polite pre-cursor to the imposition of financial penalties against organisations that fail to protect their cloud-based data,” warns Hudson.