Cloud computing, despite drastically reducing IT complexity, is adding complexity to the security model. Modern networks have transcended traditional walls and organisations have essentially become ‘borderless’. Data centre infrastructure is becoming increasingly converged – even hyper-converged – and security architectures need to follow suit; they can no longer effectively operate as silos. In fact, in this new world of ubiquitous connectivity, information security is foundational to enabling organisations to achieve maximum value from these connections and must be a top priority.
The good news is that CIOs are taking note – Australian CIOs have for the first time cited security as their top concern across all areas of IDC's 3rd Platform technology pillars: Big Data, mobility, cloud and social for business. According to Lawrence Pingree, research director at Gartner, while these technologies are creating new opportunities to improve effectiveness, they are impacting security in terms of new vulnerabilities. As organisations become more threat-aware, Gartner predicts a surge in worldwide information security spending. This year alone, spending is forecast to grow by 8.2 per cent to reach US$76.9 billion. By 2016, it will reach US$86 billion. A new approach to securing the enterprise is needed, one that aligns with broader business goals (we’ve just released a practical how-to guide on this very topic – download it here). This need for change all comes down to four trends:
Industrialisation of hacking
Digital technologies present enterprises with unprecedented innovation opportunities, but they also present opportunities to hackers. As networks evolve to become more virtualised, they are constantly creating new attack vectors such as mobile devices and applications. What’s more, as technology has become more sophisticated, so too have cyber attacks. With significant money to be made, hackers have become standardised, mechanised and profit driven. This ‘industrialisation of hacking’ is creating a faster, more effective, and more efficient criminal economy that is profiting from attacks to our IT infrastructure. It’s no longer a question of if these attacks will happen, but when, and organisations are struggling to keep up with rapid changes in techniques by cyber criminals as they switch to increasingly malicious campaigns.
Growth of zero-day exploits
A zero-day vulnerability refers to a security hole in software – such as browser or operating system software – that is yet unknown to the software maker or to antivirus vendors. It is called ‘zero-day’ because once a flaw becomes known, the programmer or developer has zero days to fix it. These types of flaws are among the most dangerous and prized by attackers since patches aren’t available from vendors. Zero-day exploits reportedly spiked in 2014, but don’t appear to be slowing down. In the last month alone, vulnerabilities have been exposed affecting Microsoft Windows, Mozilla Firefox, and most recently, Google Android.
Prevalence of shadow IT
Initially, shadow IT was concerned with mobile devices, and many organisations implemented BYOD and/or CYOD policies to manage the diversity of end points entering company networks. Now, shadow IT has evolved to include enterprise grade software and hardware which is increasingly being sourced and managed outside of the control of business IT departments. However, a recent Cisco report states that CIOs are vastly underestimating the extent of shadow IT within their organisations; the typical firm has on the order of 15 to 22 times more cloud applications running in the workplace than have been authorised by the IT department. If CIOs aren’t aware of the technology that’s being used, they aren’t able to manage it.
The rise of the Internet of Everything
CIOs are facing a huge impact from the Internet of Things (IoT) on their digital and information security. The enterprise IoT sector is growing as organisations realise the importance of handling Big Data and incorporating Smart Analytics in their IT systems. By 2019, spending on enterprise IoT products and services will reach US$255 billion globally, up from US$46.2 billion this year. However, with the vast amount of extra data afforded by the IoT comes extra security vulnerabilities. IDC predicts that by 2016, 90 per cent of IT networks will have an IoT-based security breach.
In a world with no parameters, security can no longer function as an add-on. Enterprises need a flexible business-centric security architecture – the security function must be ‘baked’ into an organisation’s infrastructure and services.
Learn how to effectively secure your enterprise in this changing technology landscape by downloading our new how-to guide, ‘Security in a world with no parameters: A business-centric security architecture’.