|
LAS VEGAS: Burton Group, the IT research firm focused on in-depth analysis of enterprise infrastructure technologies, has released a report that highlights the top IT security issues enterprise organizations should watch.
In the report, Dan Blum, senior vice president and research director, states that the threat environment is much more sinister, in which the majority of externally originated attacks are not just criminal in nature, but targeted and intentional. This combined with compliance, software consolidation, mobility, and service-oriented architecture (SOA) calls for enterprises to focus heavily on effective security governance.
"Enterprises are not only under pressure from cybercrime and insider abuse, but are facing increasing and evolving compliance demands -- highlighting the importance of establishing effective and measurable security programs," says Blum.
The report also points out that the security software market is going through consolidation and change, as major vendors increase R&D, integration and acquisition efforts. Large platform vendors such as Microsoft, Cisco, Novell, Oracle and EMC are entering the market with their own offerings, even as traditional software security specialists such as CA, Checkpoint, IBM, McAfee, RSA and Symantec step up their efforts.
Blum speculates that there is also considerable funding and opportunity for innovation, especially as organizations are adopting mobile computing technologies on a massive scale and moving towards zoned network architectures featuring internal perimeters.
Vendors are building converged perimeter devices. Carriers and service providers are becoming more assertive in the information security services market. Organizations are taking various approaches to the problem of network admission control for mobile and local devices.
Another tipping point in the industry is application security. SOA heralds a sea-change in software deployment and efforts are underway to secure web services.
The need to increase identity assurance is recognized across multiple industries. Provisioning deployments are proliferating and identity federation is ready for prime time. More enterprises are turning to role-based access control and fine-grained authorization to enforce data and application restrictions and comply with a variety of regulations.
"Organizations are under the gun to build a security management 'control layer' that can control and monitor a welter of mismatched, feature-crammed technologies and tools," says Blum. "Wider use or improvement of existing standards and creation of new standards for control and feedback is imperative to facilitate interoperability among these systems."
With so much to consider, Blum emphasizes that security technologies must be deployed in accordance with a well-thought information security architecture. "Enterprise technologists must look beyond the confusion to build an effective security control layer and to construct a comprehensive information security architecture."
|