Security Will Dominate IT Conversation in 2014
As we wind down 2013, I began thinking about the 2014 predictions that I usually make sometime in December. But Virtualization Review asked me to write a predictions column for the printed edition, which accelerated the process this year. While my predictions in the print edition are a subset of what I will be blogging about online, one prediction stands out from the rest for 2014 and I am betting it will dominate--and in fact, lead--the IT conversation.
We are undergoing a massive shift in the way we use technology, so much so that I could without exaggeration say there is a lot of chaos surrounding our projects. We have broken so many previously conceived best practices and we have made so many exceptions to cater to the changing landscape. Even then, we have not stopped to establish new security best practices, to rethink existing strategies and refine them. As a result, we are more vulnerable than ever before to security attacks.
The proliferation of smart devices mixed with the adoption of public cloud services are responsible for this security threat. Things have progressed so fast that we have not taken a step back and thought about whether perimeter security is still the best approach. While some enterprises have taken some steps and asked some questions, most have not. And even the enterprises that consider themselves security-aware have taken limited steps in rethinking security in today's landscape.
In 2014, I am thinking Mobile Device Management will make a come-back, not because it is necessarily the right tool to use but because we might see an outbreak in mobile device malware attacks. It only makes sense that the people who have been writing viruses or malware for PCs will naturally try and attack the device with the most widespread use and the least security on it. Heck, let's just say it: There is practically no security on our devices. Is MDM the right solution? Possibly, but there are other approaches as well.
I don't need to tell you about security in the cloud, but I do want to highlight one thing: While I believe security in the cloud is critical and so is understanding how to leverage security in the cloud, what to look for, what to ask your provider for, and so on, I strongly believe that Amazon AWS, Microsoft Azure and others can handle security ten times better than we can at an enterprise level. If you look at it strictly from a capacity perspective, they have teams of security professionals, the latest and greatest hardware, and so they are also in the spotlight and the target of every hacker on the planet. Security specialists should look at the risks and build policies to mitigate them.
Is your company considering a new security strategy? Are you raising security concerns around security? What is the approach you are taking and how much success have you had so far?
Posted on 12/02/2013 at 4:22 PM