Managing identity and user access, and securing application program interfaces (APIs), are among the new challenges facing IT security in SA.
This is according to Michael Horn, security business unit manager at CA Southern Africa, who notes there are now changes in the market.
"People are realising that traditional security is not a silver bullet, and some of those who bought solutions purely on the back of fear, uncertainty and doubt have had their fingers burnt. But at the same time, threats are evolving and organisations have to deal with security in the face of cloud, mobile and shadow IT. This calls for new approaches to security."
One key trend emerging is that identity is becoming the new perimeter, says Horn. "We call it the move from 'no to know'."
This is giving rise to the concept of identity as a service, through cloud-based identity management that manages identity both on premises and in the cloud, he adds.
While this model is fairly new in SA, organisations should expect to see it gaining ground because of the agility and speed it offers, notes Horn.
This model allows for single sign on to access both the enterprise and cloud-based app, with the verification taking place in the cloud, he adds.
According to Horn, cloud-based identity management is enjoying interest from stakeholders outside of traditional IT security - with the likes of digital channel heads and digital marketers looking to benefit.
"This underlines the changing role of security - it has become a business enabler," he says.
The changing environment and the emerging application economy are also driving organisations to take a fresh look at their exposure through APIs, notes Horn.
"Years ago, people spoke about monetising the information off APIs, but it was too technically complex to be viable. However, monetising APIs has become very viable by adding monitoring and billing models behind them, so securing them has become a major concern."
An area that organisations have tended to overlook in the past is access privileges and shared passwords by administrators, says Horn.
"When there are users with the keys to the 'crown jewels' and they share access, it becomes very difficult to control and hold someone accountable. Managing this access more effectively is a good way to immediately enhance security and lock down critical servers, and organisations are starting to pay more attention to this area."
However, while IT security and digital channel teams are keen to ensure the highest levels of advanced security possible, the ongoing challenge of limited resources may stand in their way, says Horn.
"We often see organisations having to reprioritise their security budgets, or delay project plans due to a lack of skills. With business moving faster than IT, organisations may overlook security as a priority, which could prove to be a costly mistake. And there appears to be a shortage in high-end security skills in South Africa, particularly in the areas of application security and identity management," he says.
Horn will address the CA IT Management Symposium 2016 on current IT security trends, challenges and solutions. For more information about this event, click here.
Share