After the 2010 security tsunami, tips on how to survive 2011
In-house and internal threats will be a big element of 2011 as organizations begin to understand that anti-virus, malware, and phishing software is no longer effective. There will be an epiphany that critical infrastructure is under constant attack and that there is a serious need to implement more comprehensive security software, security perimeters, data loss prevention and human assets to counter the existing and expanding security threats. This will translate into a significant need for the modernization of infrastructure and enhanced education in human resources to implement these systems.
As the WikiLeaks security tsunami shows us – the malignant insider is impossible to identify – you have to ensure that no-one has authority to access data they don’t need.
In the coming year companies will start to understand that the insider threat is real and that their existing security culture of using weak passwords, sharing privileged passwords and never changing root passwords will lead to greater financial losses and damage to their reputations. IT will finally “get” that the concept of segregation of duties, controls and regulatory compliance is not a burden, but a requirement for a well run organization.
In 2011 we will also see a change in mindset for security from a series of checkboxes and point in time compliance, to a new way of thinking: continuous compliance. This translates into organizations finally integrating all of their security systems together to provide an integrated view.
We will also see a massive shift from Windows XP to Windows 7 as companies realize the impossibility of trying to secure XP against security threats. In this upcoming year we will also see many software companies discontinuing support of XP for their applications.
The realities of the “cloud” will become clearer in 2011. We will see a migration of Small to Medium Enterprise (SME) customers to more cloud based solutions. This will be caused by small companies realizing their inability to create secure, reliable and regulatory compliant solutions.
I expect that many large software companies will try to grab ever higher levels of revenue for support and upgrades in 2011. This will lead to the migration of companies from their existing (creaky and unreliable) platforms onto the cloud and competitor’s offerings. This grab for more money will force the migration from legacy systems to those that support web services (SOA) where companies have a chance of some flexibility in mixing/matching solutions.
2011 will be a game changer for the channel with a massive wave of hardware upgrades to support modern and secure operating systems, new sales of cloud offerings as SMEs realize the advantages of the cloud, and enhanced understanding of insider threats and implementation of solutions to manage privileged accounts.