
2007: A year of risk?

Johannesburg, 24 Jan 2007

Predictions of increased spending, killer apps and silver bullets always accompany year-end in the IT industry.

In an environment of increased legislative interference and greater risk on the electronic front, companies need to look beyond the traditional annual forecasts and consider the infrastructure risks that lie ahead in their strategic planning processes.

Examining the corporate risk landscape, Amir Lubashevsky, director of Magix Integration, offers 10 risk management issues companies will have to face in 2007.

1. Legislation and data privacy

Globally, 2007 will see more legislation trying to enforce data privacy while in the real world there will be less privacy than ever before. In South Africa, the new compliance laws will slowly gather momentum and become enforceable. As is currently happening in the US with respect to stock option allocations, we may see a run on prosecutions late in the year with many executives finding themselves in the dock.

2. Network bridging

The proliferation of wireless networks, whether WiFi, 3G or even GPRS, has created a security headache that could allow easy unauthorised access to corporate networks (see www.wardriving.co.za). Corporate leaders are going to have to become aware of the risks and take the appropriate action to minimise the chance of someone being able to easily access their networks.

3. Identity theft

The hype cycle for identity theft is only starting. In 2007 we will see more hype focused on selling products that purport to prevent identity theft, as well as an enormous increase in real-life scenarios where people have been scammed.

4. Mobile devices

2007 will bring an increased combination of mobility and security issues. It is far too easy to attach a device to a computer and therefore a network and then load malware or steal data. A new USB storage device, for example, has been introduced that allows people to boot into an operating system directly from the device.

5. Network control and IP convergence

Executives should expect to see the number of devices wanting to connect to the corporate network soar as everything converges onto the IP platform. These risks need to be addressed at the highest level so as to afford easy access to authorised people, but prevent access to everyone else. Companies need to take control of their communications infrastructure in the knowledge that mobile phones and other devices are simply part of the network from now on.

6. Dishonest mid-level managers

As we know, the greatest security threat businesses face comes from within and the greatest internal threat comes from mid-level managers. These people are given authority and access as part of their jobs and some abuse this trust for their own personal gain. Fortunately there are tools available to control this type of criminal activity; unfortunately, due to political factors these tools are not always implemented. Legislation will demand companies use these tools to look after their data properly.

7. Low usage of encryption

Few companies encrypt data as a standard practice. In the past, this technology was complex and cumbersome to implement, but that excuse no longer holds. Encryption technologies now slot seamlessly into almost any infrastructure and add no noticeable overhead. I expect to see a dramatic increase in the use of encryption in all areas, from automated hard drive encryption to file transfers, e-mails and even when copying data to and from mobile devices.

8. Convergence of hardware and risk management

The convergence of risk mitigation technologies will provide a more unified approach to risk management, but vendors must be careful not to add complexity to their solutions. Service providers able to offer converged solutions that operate simply and integrate seamlessly will be in the risk management driving seat.

9. Corporate governance, compliance and awareness

Fortunately, or unfortunately depending on where you stand, we will see an increase in the number of compliance and governance laws being passed in 2007. More legislation means more hassle and more costs for companies that have not automated as much of their governance and compliance processes as possible.

10. Poor adherence to internal risk parameters

In the past, companies have taken the easiest path when it came to risk management. Staff worked on a trust basis and not under the watchful eye of automated monitors. In 2007, more executives will realise the folly of this philosophy, the impossibility of manually monitoring employees and the absolute necessity of automated security and risk management tools. Those that don't will continue to expose their companies to unnecessary risks and themselves to litigation.

Editorial contacts

Evan Bloom
Strategy One Communications
(082) 604 5560
evanb@global.co.za