As we enter the second decade of the 21st century, our panel of security experts nominate the prime security trends of 2011.
1. Compliance and technical skills, please
Our clients are looking for candidates with a combination of compliance and technical expertise. Consequently, qualifications such as CISSP that provide a benchmark have increased in significance. On the penetration testing side there has been a steady increase in demand for those with CREST and we expect this to continue. Demand for soft skills is also accelerating. These skills are overwhelmingly important – particularly as IT security becomes intrinsic to end user organisations.
Chris Batten, managing director, Acumin Consulting
2. Holistic approach recommended
Security needs to align even more closely with business objectives. Against a backdrop of advanced persistent threats, IT managers need to ensure they implement a holistic approach to security that aligns with business objectives.
Ron Gula, CEO, Tenable
3. More software flexibility
2010 saw the security sector respond to the rise of tablet devices and smart phones with the launch of an iPhone application that remotely connects to IT servers. Moving into 2011 we expect to see this trend continue with security professionals expecting more flexibility from their software and service providers.
Ron Gula, CEO, Tenable
4. Social engineering tactics increase
The boom in social networking provides hackers with new means of accessing systems. Using information posted publicly on websites and grooming online personae can provide an illegal route into business networks. Social engineering techniques such as phishing that aim to trick people into disclosing personal information will also increase.
David Emm, senior security researcher at Kaspersky Lab
5. Cloud security evolves
Cloud security is about establishing an effective trust model covering people, assets and data, wherever they may be located. Protection can be deployed at key connection points like the data entry or exit points in a network. Cloud security could also be enforced through rules around data, limiting how the information could be used and allowing it to be accessed only by certain individuals in certain contexts.
Don Smith, Vice President of engineering and technology at SecureWorks
6. Focus on identity
As companies continue to migrate to the cloud, 2011 will see the rise of a new way of managing this computing which focuses on the user. IDC calls this intelligent workload management and defines IWM as the intersection of software appliances, server and workload automation with identity and access management. To manage this new environment, security professionals need to shift to a more policy-based, automated approach for building and securing workloads, driven by identity.
Adam Maskatiya, director of intelligent workload management, Novell
7. People are the weakest link
As the recent Wikileaks saga makes clear, people continue to be a primary cause of security breaches. Confidential information is leaking like an old tap out of US governmental departments, while denial of service (DOS) attacks also involve people unwittingly. Both situations, of active participation or being an unwitting ‘mule’, confirm that security is still more of a people than a technology issue. In 2011, education about what is socially acceptable online and in business will become a priority.
John Colley, Managing Director EMEA, (ISC)²
8. Spamming deluge threat
As IPv4 addresses run out in the year ahead, this issue will come to the fore, as ISPs, businesses and industry bodies will migrate to IPv6. This move will also enable spammers to use many more IP addresses to send their messages around the world, which will be much harder to blacklist. If we are to approach this issue well, there must be an open discussion on how to effectively work together and ensure that this doesn’t open up a new spamming floodgate.
Stuart Paton, Senior Solutions Architect EMEA, Cloudmark
9. Beware reputational damage
The CSO is facing a range of new, unfamiliar security issues, from SIM box fraud, using GSM gateways, SMS spoofing where fraudsters hijack the personality of a roamer, and premium service fraud which are already threatening telecommunications operators. As businesses increasingly rely on mobile workforces and global communications networks, these threats will rapidly come into play. The impact is not only one of cost, but of productivity and potential brand damage.
Andy Gent, CEO, Revector
10. Security and risk go hand in hand
In 2011 it will become clearer that information security professionals are in the risk business. This means that we need to make our approach and reaction to information security situations based firmly on the specific risk they pose to the organisation. The old checklist approach where one size fitted all is no longer appropriate in the way that we deal with information security.
John Colley, Managing Director EMEA, (ISC)²