Johannesburg, 18 Jan 2008
Compliance, employees and identities will raise the most issues in security this year, according to a prediction by Novell.
"Let's face it, even though the Internet has made it easier to get information and services, it can be an uncertain place to compute," says Lewis Taljaard, business unit sales specialist at Novell.
"Every day, criminals are unleashing malware, worms and spam, hoping to pry loose confidential information for monetary gain.
"To prevent the criminals from succeeding, chief information security officers (CISOs) will continue to spend huge amounts of resources on global IT security."
Taljaard highlighted some areas where CISOs will focus a major portion of their security budgets in 2008.
Shaping up
"The alphabet soup of compliance regulations is a major pain point for enterprises. In the past few years, increasingly strict deadlines for global compliance laws have forced companies to re-evaluate their security practices," explains Taljaard.
In 2008, businesses can expect the government to become even more involved with compliance standards.
"CISOs will be asking: 'How can I prove to auditors that I am compliant and how can I simplify the process?' Technology that can automate and validate network activity to meet compliance requirements will grow in importance," he says.
Insider threats
"As the workforce calls for more collaboration, file-sharing and mobility, employees are increasingly putting their companies at risk," explains Taljaard.
"Laptops, PDAs, USB drives and multimedia devices often contain confidential work information and sensitive personal data. And because of their size and mobility, it can be easily lost or stolen. CISOs will increase password protection, encryption and personal firewalls on these devices to remediate security breaches."
He says an employee attempting to exceed access privileges is also a security threat. "Whether it is to better perform job responsibilities, or there is malicious intent, CISOs should know who is accessing what inside the network; and who is granting that access.
"There will be a renewed focus on analysing the ways employees are using systems and revoking access when employees go beyond their authorised scope."
ID theft
In order to combat ID theft, stronger authentication combined with better validation is a necessity, says Taljaard. "Authentication methods that depend on more than one factor, such as personal identification numbers or biometrics, can be more reliable and are stronger fraud deterrents. If the only thing between you and your bank account is a username and password, that is a cause for concern."
Multifactor authentication will also drive a stronger push toward converging IT security with physical security. "Right now, converged security, also known as identity assurance, is primarily happening in the government sector. But, in 2008, more banks, retailers and healthcare facilities will begin using access cards and tokens to tighten access security and prevent ID fraud."
Meeting compliance, combating insider threats and preventing identity theft are not new security challenges, but these are issues that continue to persist. "In 2008, expect to see businesses investing in the right combination of technologies to prevent them - such as creating stronger connections between identity management and security event monitoring, and integrating identity management into endpoint security tools," he concludes.
Related stories:
Security still a concern in 2008
CA forecasts online threats
Looking back on 2007
AVG forecasts security threats
Share