Changing landscape, amorphous threats
There can be no doubt that the field of information security has experienced more interesting times this year than most other fields of information technology. Despite the march of software defined everything, cloud morphing into various new guises and ever more as-a-service offerings, information security still tops the agenda for many as the primary IT concern.
The landscape this year is littered with new data breaches, as well as the shells of broken systems as a result of the likes of Heartbleed, Poodle and Shellshock. 2013 had been dubbed the year of the ‘mega breach’ by one security vendor, but 2014 has already been dubbed the ‘year of crappy crypto’, by Rahim Jina, director, BCC Risk Advisory.
So within this grim year of cybersecurity, what are the influences that are guiding Irish organisations in their buying and implementations?
“One of the hot topics is around mobile, and Mobile Device Management (MDM),” Dermot Hayden, country manager Ireland, Sophos.
“While people are still buying endpoint security,” said Hayden, “an area that people are still trying to get their head around is mobile security.”
This is point that was echoed by Venessa Chin, sales director, AVG Business, who told TechPro that over the coming 12 months or so, the management of mobile devices would become increasingly important.
Hayden said that Sophos was taking a different approach to other vendors in this area, as the company includes mobile security with its endpoint licence, which he believes, has lead Sophos to be one of the market leaders in mobile, overtaking many pure play mobile security vendors.
“While people are still buying endpoint security, an area that people are still trying to get their head around is mobile security,” Dermot Hayden, Sophos
Many organisations are still struggling with policy, as most have focused on the technical solutions, overlooking the policy aspects, he said.
Hayden said that Sophos had closed a lot of deals because of the mobile capabilities bundled.
Chin of AVG Business said that cloud care and remote monitoring and management (RMM) services were a major focus area for the company. She said that currently, AVG is the only vendor with cloud-security integrated with RMM and an open ecosystem that saves on administration time and resources, yet still gives the option to work with any of the leading management services applications in the market.
“Our platform is allowing businesses throughout Ireland to manage a wide range of IT security functions simply via a single integrated management console,” said Chin.
Cloud was a commonly occurring theme among the experts, with Brendan Fay, principal information security consultant, Ward Solutions, saying that the move towards cloud computing was driving a lot of buying decisions in Ireland.
“Organisations are moving to the cloud to save money,” said Ward, “and they need to know the security implications of moving to the cloud, and/or building out a private, or hybrid, cloud for themselves. That is a major theme that is ongoing at the moment.”
There are also the data protection implications to consider when moving to the cloud, he added.
“Our platform is allowing businesses throughout Ireland to manage a wide range of IT security functions simply via a single integrated management console,” Venessa Chin, AVG Business
Next year will see more legislation in relation data protection and this is also predicted to have a significant impact on the security implementations of Irish organisations.
“In 2015, new data protection regulation should be coming into play, which will have more serious penalties,” said Fay. “I would see 2015 as being a year for data protection coming more into play.”
Data protection concerns have also made organisations more interested in encryption.
Encryption is a central focus for many, said Sophos’ Hayden. However, in his experience, he said that this is interest ahead of purchasing. Hayden said that for many organisations, they do not yet see how to implement encryption without upsetting business process.
“People are looking outside of where encryption would have been before,” he said. Organisations are looking beyond the obvious for encryption, beyond laptops and smart connected devices, to things like Dropbox, for example.
“In-house departments do not have the time and deep technical skills needed to integrate and then manage on an ongoing basis multiple security products and platforms. As infrastructure and threats become more complex then there is a risk that updating and changing one system can potentially open vulnerabilities elsewhere,” Rob Paddon, Trilogy Technologies
Encryption is being looked at, said Hayden, for wherever the data lies or is used. Organisations are interested in “making the data secure, wherever it is.”
Darragh Fegan, channel manager, Symantec Ireland, said that as a result of trends such as bring your own device (BYOD) and choose your own device (CYOD), organisation’s critical data is constantly on the move and needs to be secured in the event of theft or loss.
“At Symantec, we have identified that encryption of data at rest, as well as data in transit, is becoming more and more of an imperative. Symantec offers a comprehensive solution securing data at rest and in motion with an offering that can be tailored to organisation’s individual needs without intense management overhead and the strong standard of PGP,” said Fegan.