Every year CA Technologies polls its security experts for their predictions on what to look for in the coming year with respect to prevailing threats and industry shifts. According to the latest report, in 2011, IT security professionals will need to step-up their battle against the insider threat and leverage Identity and Access Management to shift the view of security to that of an enabler for cloud adoption.
“The 2010 Verizon Data Breach Investigations Report showed that the percentage of breaches attributed to insiders more than doubled over the previous year to 46 percent, and we expect that trend to continue,” said Tim Brown, Senior Vice President and Chief Security Architect, CA Technologies.
The insider will be the next attack vector. Today, companies have better and more sophisticated security. It may now be easier to social engineer the insider than continually create new malware to combat better security. WikiLeaks showed us that the insider is a direct line to sensitive data which in the end is more valuable and potentially lucrative data. There are larger amounts of high quality data in a company compared to information associated with an individual, and more access points to get in as companies open up social networking sites to the enterprise and employee mobility increases.
Organizations will begin using behavioral analysis to predict threat from the inside. There is case study research in this area that examines the psychosocial factors that can contribute to an insider breach. This data could be used to create predictive models that correlate psychological profiles or behaviors to insider breaches or crime.
Identity and Access Management will shift Security perception from cloud barrier to cloud enabler. Organizations will change their perception of cloud security as stronger, more advanced Identity and Access Management (IAM) security options are deployed by both cloud providers and as cloud services. Cloud providers will realize that to continue their growth, they have to provide enterprise-level security to their clients, and they will therefore strengthen the identity models associated with their cloud service. IAM delivered as a cloud service also will give organizations the option to more easily adopt and deploy various identity-related security capabilities to strengthen their security profile and bolster confidence in secure cloud use.
Companies will improve information security by linking data and identities. They will realize the need to make access and information use policies identity-based. This realization ushers in next-generation IAM and makes IAM content-aware. Traditional IAM stops at the point of access; Content-Aware IAM goes a step further to not only help control identities and their access, but also control what they can do with the information based on their identity.
Nation state attacks will grow. There is a reason the government is placing increased importance on cyber warfare. Crippling our infrastructure would be highly disruptive. Attacks on the technical supply chain by way of compromised hardware and insecure software, or attacks similar to Stuxnet, could be viewed as a nation state attack, added the report.
No comments:
Post a Comment