Security to focus on cloud and virtualisation in 2010

Cloud computing and virtualisation will be the biggest areas of development in security during 2010, according to industry experts.

Cloud computing and virtualisation will be the biggest areas of development in security during 2010, according to industry experts.

Businesses of all sizes can expect increasing collaboration between suppliers as cloud and virtualisation technologies usher in a new way of thinking about and doing security.

There will be a surge in interest in virtualising client devices that allow organisations to manage computer equipment more efficiently. This will lead to the creation of "dual use" devices for work and home, said Graham Titterington, principal analyst at Ovum.

Built-in security will enable faster virtualisation and cloud adoption, but organisations must think security before any implementations, said Eric Domage, research analyst at IDC.

But businesses should watch out that the costs of authentication and confidentiality do not outweigh the benefits, warned Peter Sommer, professor of security at the London School of Economics.

Defining levels of cloud assurance for cloud services will be a hotly discussed topic, and enterprises will have the opportunity to take the lead in this process, said Sarb Sembhi, president, London Chapter of Security Association, ISACA.

But the future of IT security budgets is unclear. While IDC expects organisations to unfreeze and even restore budgets, others foresee continued cuts and constraints.

"Corporate boards will seek cuts irrespective of the fact that risks such as fraud tend to increase in times of economic uncertainty, and security managers will have a tough time persuading them otherwise," said Sommer.

Regulation and compliance promises to be another important security consideration in 2010, but organisations should be wary of compliance at the expense of security.

"We now fear the auditor more than the attacker, but a myopic focus on compliance frameworks is dangerous," said Joshua Corman, research director at the 451 Group.

Co-operative partnerships such as that between RSA and Cisco demonstrate a real commitment to security, said Domage.

More IT security predictions for 2010

  • National cybersecurity concerns will see more governments involved in IT security policy and education.
  • Cybercriminals will continue to focus their efforts on financial gain through fraud and extortion.
  • There will be an increase in interest in identity management to enable more automated inter-company collaboration.
  • Supplier consolidation will continue, particularly among mid-market and independent cloud-based suppliers.
  • Organisations will be forced to take security on smartphones and other portable devices more seriously to protect corporate data.

Read more on IT risk management