FEATURE: 2016 INDUSTRY PREDICTIONS
Building the new security stack
There is a realisation that the wave of
new operating systems and devices
arriving from the consumer space, with
iOS and Android leading the charge, is
here to stay in the corporate IT world.
What started out as BYOD projects, or
in some cases was ignored by formal IT,
has become a fundamental component of
the landscape, which cannot be ignored.
This shift is forcing organisations to
fundamentally redesign the security
stack. The old mind-set of
company-owned and controlled devices
created a desire for rigid device builds and
software stacks, often underpinned by
PKI and fixed VPN requirements.
Instead of Identity Access Management
(IAM) being viewed as a standalone
asset, in the future, it will be joined by
Enterprise Mobility Management (EMM)
as part of a coherent and seamless
security stack. Analyst firm Gartner
predicts that by 2017, EMM integration
will become a critical IAM requirement
for 40% of enterprises, up from fewer
than 5% in 2014. The new security
stack also needs to take the cloud
into account, but the likelihood is that
security systems will stay in-house as few
organizations are willing to outsource
control of the keys to the kingdom.
Switching to an identity and device based model
According to 2014 research by Global
Workplace Analytics, roughly half of
the US workforce holds a job that is
compatible with at least partial telework
and approximately 20-25% of the
workforce teleworks at some frequency.
This statistic is comparable to those of
other developed nations. Yet teleworking
is only half the story. Mobile access to IT
is on the rise, from using remote systems
during customer visits to collaborating
with partners; access to IT needs to be
more flexible. What was a physical,
location-centric activity is now
shifting towards an identity and device
based security model.
A great example of this trend is the
use of the smartphone within 3 factor
authentication schemas gaining
popularity with Internet banks. Looking
forward, more organizations are going
to start to look at the security benefits
offered by mobile devices that are
generally tied to a single user. This
requires acceptance that BYOD is more
than just a fad and a slight shift in
mindset that embraces rather than fights
against more freedom of IT access.
www.intelligentcio.com
With all the very public security breaches
at household names, users are actually
more accepting of security measures
insisted upon by an IT department that
make their personal/work devices more
secure. Considering that human error is
consistently a top root cause of security
breaches, 2016 will see an increase in
the number of very large organisations
that start to mandate Enterprise Mobility
Management across not just one device
but every device that a user interacts
with and that can have an impact on the
IT environment.
RIP passwords
Passwords are still the cornerstone
of much of the security process. But
passwords as the primary security
method are just a bad idea. This can be
proved with a simple test: Think of your
internet banking password, Amazon
password, PC login password, email
password and now a birthday that is
special to you.
If two of these things are the same or
very similar, then there is a problem.
Considering that breaches that steal
sensitive personal data and login
credentials are often not discovered for
many months, and in some cases are
never discovered, it is not surprising
that this data then leads to further
breaches and is