IT Security Will Become More Proactive
Reducing security breaches is a priority for CIOs, and the security industry is addressing it by becoming more proactive as it moves to the next phase of its evolution, according to Gartner. Since the personal computer appeared in businesses in the early 1980s, the information security industry has evolved through two phases, and now is moving into the third phase, according to John Pescatore, vice president and distinguished analyst at Gartner, at the Gartner Symposium/ITxpo in Orlando. This next phase will integrate security into each new wave of technology when it enters the market, as opposed to responding to an attack after the fact. "[Security will be] about building security as employees' needs move forward--not chasing them," Pescatore said.
During the first phase security was maintained by dictating what employees could do, and the IT department controlled computing power and data. The second phase of security fell behind employee-driven IT trends and resulted in hackers and cybercriminals successfully exploiting tech vulnerabilities to impact the business, followed by CIOs reacting to each new threat by applying a point product to shield the vulnerability from attacks.
Now, security leaders will begin installing measures into each new wave of technology when it enters the business, as well as into each new business process. "Going back to the first phase of security is not an option--increased consumerization of IT, increased mobility, and new trends, such as Web 2.0, mean users will gain more control, not less, at the most successful businesses," Pescatore said.
The task for IT leaders during this third phase of security is to keep up with the pace of business while reducing the overall cost of security to the company. IT leaders will need to establish security standards and architectures so that new business systems can implement security controls and integrate them into security processes. "Companies should manage the selection of IT and IT security vendors to focus on the most effective solutions, not the best-of-breed on a single product basis, but not on a single vendor either," Pescatore said. "Choose the best security platforms, while maintaining a separate security control panel to allow fast reaction to new threats."
McGruff Sinks His Teeth Into Cypercrime