This content is a summarized version of the report "IBM Security Technology Outlook: An outlook on emerging security technology trends"
To promote awareness of potential security challenges, IBM has developed the Security Technology Outlook (STO). The IBM STO identifies nine important trends and technologies that will shape the security environment over the next five years. These trends range from virtualization, cloud-enabled services and Software as a Service (SaaS) to the explosion of multiple digital identities and the proliferation of mobile phones and PDAs as access points to the Internet.
While most vendors focus on and manage one area of risk, IBM's approach is to strategically manage risk end-to-end across all areas of the organization. This allows organizations to better understand and prioritize risks and vulnerabilities based on their potential to disrupt critical business processes. The IBM Security Framework identifies five key security areas including people and identity; data and information; application and process; network, server and end point; and physical infrastructure.
In addition, IBM also highlighted nine main drivers for security requirements in the future. They are:
• A highly dynamic IT environment that can respond efficiently to elastic scalability demands
• The ability to use electronic identities for sensitive and mission-critical purposes
• End-user demands for more control and self-determination with their online identities
• Secure, reliable, flexible and composable applications that can facilitate a rapid response to changing business needs
• Accommodation of the organization's desired level of control of the IT environment
• A risk-based approach to managing IT security and its contribution to operational and business risk
• Mobile devices to be a secure source of identity and a business platform
• High-risk decisions based on secure, high-quality information sources
• IT systems that can sense and respond to the real-world environment
The identified trends in IBM's Security Technology Outlook report are as follows:
1) Securing Virtualized Environments - How do businesses meet standards for securing massive and dynamic resource sharing with virtualized and cloud computing? One way is through a highly dynamic IT environment that can respond securely and efficiently to elastic scalability demands.
- As part of our ongoing commitment to stronger security within virtualized environments, IBM Internet Security Systems (ISS) Proventia offerings have been extended to virtual form factors; IBM Tivoli Access Manager for Operating Systems is providing capabilities to monitor privileged user activity in VMs, and IBM WebSphere DataPower SOA Appliances will provide security protection to applications running on virtual hosts.
2) Alternative Ways to Deliver Security - As security delivery choices proliferate, pre-packaged security capabilities such as real and virtual appliances, cloud-enabled services, managed security services and SaaS become more important.
- Managed Services could also be an alternative way of delivering security services in an organization. Adoption of security Managed Services is still at an early stage of growth, because most corporations prefer not to outsource such a function, but it is expected to grow, especially given the current budgetary pressure. Organizations are expected to look to Managed Services as an alternative way to maintain their security requirements.
3) Securing Mobile Devices -- Mobile devices are becoming a trusted channel for conducting business and a primary means for authentication. Soon mobile devices will act as identity providers and initiate significant financial transactions. Hence, security across this wide variety of devices will assume great importance, especially with the increased dependence on and usage of such devices in the modern workplace.
4) Managing Risk and Compliance -- The ability to manage and govern risk and compliance will continue to have a major impact on security strategies. The new role of the Chief Information Security Officer (CISO) demands a well-governed, business risk-based and policy-driven approach to managing IT security.
- Implementing regulatory requirements in an organization is just the first step; the difficulty always lies in tracking and reporting whether these measures have been executed. It is becoming more important for organizations to look for ways to track their compliance status, especially given increased reports of companies getting into trouble with the law because of their inability to perform such tracking and reporting.
5) Identity Governance -- As the number of digital identities per individual continues to multiply, there is a need to improve trust and control in identities across and beyond a business or governmental organization.
- We also see that, due to the rise in internet banking, banks are fast adopting new security technology such as 2-factor authentication to better safeguard their users' identities, a key requirement for their users.
6) Information Security -- The need to improve trustworthiness of data and assurance so that high-risk decisions are based on secure, high-quality information sources.
7) Predictable Security of Applications -- The evolution of Web-based composite applications and the resulting rise in vulnerabilities provide a need to secure composite applications through the full software lifecycle. The ideal result is secure, reliable and flexible applications that facilitate a rapid response to changing business needs.
- Due to the increased use of web applications, new security threats have been seen and applications are facing greater exposure to these new threats. As a result, corporations understand that it is no longer sufficient to just have firewalls, anti-virus solutions and the like. They now need to constantly test web applications for vulnerabilities using security testing solutions from AppScan (Rational) and ISS, before such applications go 'live'. Another focus would be to protect them during the operational phase as well.
8) Protecting the Evolving Network -- As network security evolves, organizations will need real-time security in high speed networks with protection against the rise in application-specific attacks.
9) Sense and Respond Physical Security -- IT and physical security are converging; together, they must sense and respond to real-world events. Efficient physical security and decisive action are enabled through digitization, advanced analytics, correlation and automation.
Source: NMG
(c) 2009 NMG News Co., Ltd.