Purse strings loosen for security spend

7 February 2011

The security spend of Irish businesses is rising steadily due to a number of factors, according to experts in the field, with a heavy focus on consultancy, penetration testing and audits becoming common alongside the obvious additions of security applications.

Among those in the industry who are encouraged by the current willingness of companies to spend wisely is Simon Godfrey, director of information security, risk and compliance for CA Technologies. He commented that, “Customers continue to spend on traditional security consultancy activities. These include advising customers who are preparing for outsourcing or taking on board new third party or cloud-delivered services into their business and also new product or technology selections.”

Brian See, director of technical services and operations, Caveo Information Systems, made the point that “traditional” security requirements still help define where consultancy services are needed. Under this banner See grouped areas such as product technology training, systems health checks and upgrades to the latest platform.

“In the medium to corporate enterprise business market, customers are still looking for high assurance that their systems are operating efficiently and securely,” said See. “Also, as resources are scaled limitedly in most divisions for IT, coupled with the growing evolution of product version releases, customers are finding it a great struggle to keep up with knowledge – hence, why knowledge through training has become important.”

 


INTEGRATED SOLUTIONS
Seeing things in a similar black and white manner, Renaissance’s MD, Michael Conway, believes that customers are looking for “a couple of key things in 2011”. Conway stated that one of these is the age-old quest for value for money.

Explaining a little further, he noted, “That is value for money and tending towards the cheapest – but (customers) are not interested in the whole installation/de-installation process unless the savings are very significant. Customers,” he said, “are also looking ultimately to integrated solutions and are spending money in solution evaluation in order to position themselves as best as possible.”

According to Conway, the other area they are looking into heavily is long term stability and consistency of service. “They don’t need risks in such a key area and probably now are starting to act appropriately,” he said.

RESILIENT
ThreatScape founder Dermot Williams made the point that while the economic situation has taken its toll on IT spending in all areas, IT security has probably been more resilient than most. First of all, he said that there are the simply essential areas like perimeter security and endpoint protection along with malware defence which “cannot be ignored”.

He continued, “Next there are technologies which are business enablers and/or drivers of cost reduction – virtual private network (VPN), secure remote access, cloud services and so forth. Then, because of the flurry of high profile cases of data loss due to human error or deliberate data theft we’ve seen a marked uptake in interest in related areas such as encryption, NAC (network access control) and DLP (data loss prevention).”

MOBILE DEVICES
For his part, Espion’s co-founder and director of sales, Jim Lehane, said that “comprehensive audits” of overall IT infrastructure are the order of the day for many customers, as they “look at where they can improve their overall security posture”, which means reducing both capital and operational costs.

It is not only about the security technology itself; customers look for guidance on how best to leverage the functionality on offer in the context of their organisation, he pointed out. In turn, Lehane said that customers have been enquiring more and more about areas such as unified threat management, data protection and mobile workforce management.

On the latter, Lehane commented that, “Whether they are company issued or not, the latest smartphones, tablet computers et cetera are all going to be plugged into the corporate network. It’s data on the move and companies need to ensure they are able to secure it. Policies on device usage, access management are all part of managing a mobile workforce.”

This was a point also touched upon by Godfrey who commented that, “Interestingly, consulting services are being taken to advise customers on how best to refresh technologies that are associated with remote and mobile working”.

He added, “Given the explosion of smart mobile devices and the proliferation of high speed internet connectivity, many companies are looking to reduce costs but improve ease of use, flexibility of device support and maintain or improve security for their users, partners and customers. Moving from IPSec VPN to SSL for example, and moving from hard token-based authentication to software-based strong authentication and risk-based authentication and authorisation to further reduce the possibility of fraud or misuse of system access.”

LACK OF CONTROL
Ken Bagnall, managing director, The Email Laundry, also weighed in on the danger presented by a mobile workforce – dangers that will only increase over the coming years. “One of the main security flaws in organisations has been the mobile workforce and the migration of laptops in and out of the office environment,” he said.

“In surveys we have conducted across companies who had virus infections on their corporate network, of the ones who could identify the problem, they all claimed the problem came from a laptop that comes in and out of the network.”

He added, “This is due to a lack of control over those laptops when they go home or to hotel and coffee shop Wi-Fi networks. All the companies involved indicated they would spend money to reduce this risk.”

FUTURE
For his part, Sean Rooney, technical director, Integrity Solutions, commented that while mobile device security is a major concern for organisations at present, the next year to 18 months will see even more focus fall upon this area.

“When employees see the remote working capabilities of these devices, they want to use them in the workplace,” he said. “However, many organisations don’t have the technology to securely allow employees to use this technology for work.

“Not being allowed to use the technology is met with great resistance from the users, and this is especially problematic for an organisation’s security team where the higher level executives want to use the technology. There are some solutions in this area currently, but I believe that there will be significant development in this area in the near future.”

As for further security services development, he would add that there is “some movement” in the area of log consolidation and event correlation and alerting. Organisations are “possibly coming to realise” the benefits of having up-to-the-minute knowledge of what is happening on their networks and if there is any anomalous activity going on, he added.

Talking about the future of security services in a similar vein, Neil Stone-Wigg of Trilogy said that “borderless security” will be a big theme this year and next. “Locking down a traditional network or infrastructure is now only half the battle – the mobile workforce, with smart mobile devices, has ensured a geographical or physical lock-down does not do the job,” he commented.

“So, tracking the profile of the individual, and then based on the confirmation of who that person is allowing that individual to various areas of an infrastructure, is the new way to correctly lock-down a network. Organisations will have no choice but to address these issues. Solutions from market leaders such as Cisco are already addressing these needs,” Stone-Wigg added.

PERSONAL MANAGEMENT
Looking to the rest of 2011, not to mention 2012, Espion’s Lehane is confident that a lot of attention will be paid towards personal security management. As privacy and ID theft have become a concern, he believes that individuals need to be able to address their digital footprint – i.e. the information about them that resides online – so they can identify and address any content that puts them at risk of ID theft.

“Apps that audit user profiles in LinkedIn, Facebook et cetera, will help users change setting information and profile data supplied to protect them from ID theft,” he commented.

Conor Flynn, technical director with Rits Information Security Specialists, commented that both the threats and opportunities of social media can provide headaches for security experts. “For a long time, social media has been an anathema for many IT security departments as they look at it only from the threat and productivity perspective, however a lot of organisations now are beginning to open up to the view that social media may be useful from a commercial perspective.”

He continued, “It’s a necessary evil for a lot of companies, I’ve seen quite conservative companies, or at least that’s what they would have been thought of in the past, really engage in social media and other online channels. There are security challenges there but you really have to deal with them head on and that will be a big area of development in the next year.”

In the opinion of Renaissance’s Conway, the key developments within security services over the next one to two years will be around the consolidation of solutions. He sees the major security vendors delivering “their promised integrated technologies and solutions”, meaning that in many cases there will be one console managing the delivery of the IT security solution.

“None of this is new and ground-breaking,” Conway would add, “but the major manufacturers have made many acquisitions over the recent years and we should see the fruit of their investments and the huge work which went into the integration of their solutions.” He also added that the delivery of these integrated solutions will have two major effects.

CLOUD & VIRTUALISATION
One of these, according to Conway, will be that the marketplace will effectively become two-tier with the major vendors delivering solutions which will work with the business and which will develop and meet the needs of the business. The other knock-on effect will be that “controls will be significantly improved and integrated solutions should give unified experiences”.

“The long awaited delivery of these solutions will give multiple views of the environment and will enable tighter and more successful monitoring – it does not have to be big brother.”

ThreatScape’s Williams would add that products related to securing cloud and virtualisation assets are definitely a hot topic for the future. Security services which can be delivered via the cloud are also growing rapidly, he said, while noting that vendors like Dell are making sizeable acquisitions as they jockey for position in that space.

“Security event management (SEM) is another area of growing importance. Companies want the freedom to choose the best available solution for each part of their IT security infrastructure. But they want to keep their IT security workload manageable.” Added Williams, “SEM helps to consolidate multiple alert streams into a single overall view of security status.”

Agreeing with Williams that the cloud and virtualisation will become growing concerns for IT security departments all across the country, Joe O’Reilly from IT Force said that, “in relation to the cloud, I think we’re still in a learning course and there’s still a bit of a doubt as to how secure the data is”.

O’Reilly concluded, “It can be very easy to technically prove to organisations that the data is more secure than ever but there is a doubt whenever information is secured outside a client’s four walls. There is some potential threat risk to their data and assuring clients that it’s a more robust solution will be a big theme this year and onwards.”
