Security, especially in connection with cloud-based services, will be among the top IT trends likely to disrupt the market in 2015, according to a report from analyst firm 451 Research. Unfortunately for both enterprises and their stakeholders, security will continue to be driven mostly by reactive -- rather than proactive -- forces.
The other "6 Cs of 2015" that 451 Research foresees as dominant trends in the coming year include containers, convergence, closets (as in server closets), crowd workers and coexistence, which involves data management moving from an area led by IT pros alone to one accessible to other users via self-service and visual analysis tools.
"The growth in IT and mobility means that security will follow suit, roughly two years behind," noted the 451 report. "Not only are new products coming along to match IT developments and widespread vulnerabilities, but they're also all claiming to be complementary to the existing security. This will cause enterprises to pile on more layers in the coming year."
Visibility is Key
We reached out to Adrian Sanabria, Senior Security Analyst at 451 Research, to learn more about what 2015 might bring to an IT environment that has already experienced numerous security shocks this year.
"One of the keys here is really visibility," Sanabria said. With traditional IT tools -- and even some of the "hottest" new security solutions -- it's difficult to have "any idea of what's going on in your environment at any time," he said.
In the case of cloud security that means many enterprises will continue strugging to get the insights they need into how employees connect with their IT infrastructures and access and share company data. Early on, many organizations thought the best solution to BYOD (bring-your-own-device) challenges was through mobile device management, or MDM. The MDM space, however, has quickly become commoditized as it's become increasingly clear that it's more important to manage access to data rather than devices, Sanabria said.
One of the biggest challenges with IT security stems from simple human nature. "I think people do a really good job of telling themselves, 'My company is different because of X, Y and Z,'" Sanabria said. For the vast majority of organizations to stop reacting and take a proactive approach toward security, "it has to touch them personally," he added.
Slow-Motion IT Disasters
While he dislikes the Pearl Harbor analogy many in the IT industry make -- that is, the suggestion that most organizations won't treat security as seriously as they should until disaster strikes -- Sanabria agreed that only major incidents seemed to spur most people into action. Another problem is that IT disasters are often drawn-out, slow-motion events that could have been detected and prevented much earlier, he added.
Sanabria pointed to the ongoing fallout from the massive hacking attack on Sony Pictures Entertainment, noting "the amount of time it must have taken to move terabytes of data." The volumes of information involved suggest the hackers, whoever they are, had access to Sony's internal systems for a long time before the first stolen movies or internal memos were ever leaked onto the Internet, he said.
That's where visibility comes in, he said. IT attackers are clearly moving around unseen in their victims' systems for long periods of time and the breach detection solutions that organizations are relying on aren't catching that activity. "It takes hackers hours to respond to a change in the environment," Sanabria said. "It takes organizations years."
In Sony's case, Sanabria said it's the first mega-hack that's really focused on hurting or destroying a company. With the theft and release of everything from ex-employees' Social Security numbers to private keys for signing documents to internal legal memos, it's not just Sony Pictures' problem any longer. "Visibility is the core to doing better and solving some of these issues," he said.