In-depth: Security predictions for 2012 part one

To get an insight into what is on the horizon in the security market next year we have canvassed opinion from several companies to find out what those in the industry think is round the corner in 2012.

David Gibson, Director of Technical Marketing and Strategic Sales at Varonis said that it will be the year data owners take back access control decisions from IT, and demand automation to analyse data, make better decisions, and eliminate costly, ineffective manual processes.

"Just as organisations demand automation to understand their sales trends, customer base, financial habits, and other critical processes, they will demand automation to understand their data--where it should reside, who should have access to it, and how it's used. Organisations will realize that continuing on the current path will have devastating results for their businesses - doing nothing is not an option anymore," he said.

1)    Big data analytics will expand its focus to the biggest data of all--unstructured information sitting on file servers, NAS devices, and in email systems.

Gibson said: "Effective data governance requires harnessing the power of metadata through intelligent automation. It is not surprising that industry experts are now saying that the same kind of automation is necessary for more than good governance.

In order to harness the power of "Big Data," you'll need to analyse and look for patterns in how and when these massive amounts of data are used, who uses it, in what sequence, and what it contains in order to effectively run a data-driven organisation. Widely known fact: the majority of big data in the enterprise is unstructured rather than structured."

2)    We will see some IT departments taking drastic measures, such as shutting down "at risk" servers or access to e-mail if the proper audit trails are not in place.

Gibson added: "One organisation we deal with has recently enforced a policy of - no visible audit trail, no email! Their iron rule is - if the auditing is not available in their email system they aren't allowed to use email. So, in other words, if the communications can't be traced and audited then they may shut down the email server. It hasn't happened yet, but 2012 may be the year servers get shut down and email withdrawn if no audit trail of access activity exists."

Philip Lieberman, President and CEO of Lieberman Software, says that there is a perception gap between smart devices and smart security.

"One of the interesting dangers for businesses is the perception that the latest devices are the most secure devices. Many consumers seem to believe that the last iPhone should be secure and that by staying on the upgrade cycle of the latest cool phone, they will be kept secure. Unfortunately, there is no correlation between the newness or coolness of a device and the security of your email (or other data on the device).

"There is also an important lesson: that the movement toward the use of consumer devices in the commercial world of IT was not the cause of this problem. Yes, Apple devices and Apple email were the prevalent theme in the breach, however the devices themselves work in a secure way on corporate secure email systems. The core of the issue is with the Apple email provider (as well as Google and Yahoo) not providing feedback of critical changes to email accounts as well as reporting failed logon attempts.

"We have all received alerts from our on-line banking and corporate systems when changes are made to our accounts, and in some cases these alerts come via a side channel such as a pager/SMS message. For consumer email systems designed for convenience and low cost operation by their owners, such out of band alerting as well as anti-tampering are simply not part of their business models.

"The lesson is simply that consumer email should never be used for the transmission of personal or sensitive information.  Similarly, it is a VERY bad idea to sync your PC phone book and calendar with these free email and insecure systems as all of this information could find its way into the hands of others due to the weakness of these systems."

"Hacking, by nature, is a discipline that relies on innovation," explained Imperva CTO Amichai Shulman.  "Knowing future, potential threats helps security teams fight against the bad guys."   

The Rise of the middle man - With the increased supply and demand for compromised machines, as well as for sensitive corporate information, we predict the rise of the cyber broker. This individual matches the buyers of stolen data or compromised machines (aka "bots") with the sellers of the data (or bot renters).  In the same way stocks and investors gave rise to stock markets, hackers need a middleman.

Security trumps compliance - In the past, security decisions were usually driven by compliance. However, in 2012 we expect to see security decisions driven by security. The past influx of laws and regulations, which drove the budget and security solutions such as PCI or SOX, were used to feed the security budget. With the cost of a breach rising, industrialized hacking impacting many organizations and the need to protect intellectual property, we expect to see more companies making cyber security decisions based on security.

Co-Founder and technical director for SecurEnvoy Andy Kemshall takes time to reflect on the last twelve months and gives his forecast of the security trends for the year ahead.

At the end of October we saw the world population reach seven billion. While this saw many debating if the planet would have enough resources to sustain us all, I was puzzled by a different conundrum - if there are now five billion mobile handsets in operation across the globe, a billion of which were connected in the last two years, which is growing faster? And, while it's fairly obvious which is, what will happen if the level of connections is maintained? I'll put my neck out and say I believe that GSM will possibly match the number of people on this earth by 2013/14 and could even exceed the population growth by the end of 2014.

While many are worried by the euro-zone crisis, back here on home soil I don't see our financial situation dramatically improving - in fact things are set to get worse before they get better. For the whole population, inflation - measured by the retail prices index - has jumped by 14.4 per cent since September 2007 and businesses are feeling the pinch too. Office space is at a premium, utility bills continue to rise, fuel duty is set to put the pump price even higher, and I could go on but you get the picture. I believe people, and the companies they work for, will start to think smarter about where they work.

"The way I see this playing out is businesses looking to reduce their overheads, and employees looking to cut their spending, will both look to embrace home working. I do have some hard statistics on which to make this prediction as, earlier this year, SecurEnvoy conducted a study that revealed that 82 percent more people are working from home this year than they did last year. We may even see more organisations move to become completely 'virtual'.

Let's face it, we're all grown ups so don't need constant supervision, and with technological advancements this is a viable alternative. Instead of the daily trudge to the office, employees will remotely connect to the organisation's infrastructure - securely I hope. Physical interaction will be replaced by conference calls, with weekly or even monthly creation and collaboration opportunities pre-arranged to exchange  information."
