Gartner: Expect 'Major Shift' in IT Security 2013
BYOD Trends, Cloud Computing Bring Changes in Perception and Thinking
Gartner announced Thursday what it expects to be the top security trends in 2013, citing the rise of cloud computing, social media and employees bringing their own devices to work – all of which are among forces likely to produce radical changes in how enterprises manage IT security, according to an article from Network World.
Earl Perkins, Gartner research vice president, said during a client webinar that the above forces, as well as an “information explosion” in the enterprise, are putting pressure on enterprise IT professionals and vendors by “making some of the existing IT infrastructures obsolete.”
According to Perkins, Gartner analysts believe the vendors, service providers and value-added resellers of today are beginning to feel the volatility of market changes wrought by the rise of cloud computing services and new practices such as Bring Your Own Device movements and smartphone adoption. BYOD challenges “the fundamental principles by which we deliver applications,” Perkins says.
This means “consumer identities” will need to be tied to “corporate identities” in terms of authentication, authorization and other identity and access management functions, Network World reports. There will be pressure to “manage diversity” in this, Perkins added. When it comes to access to cloud-based services, IT professionals will be looking for ways to introduce cloud-based access and authentication to serve clients effectively in a hybrid-cloud environment.
According to the article, Gartner reports that these forces in 2013 mean the time has come to embrace new security policy ideas, such as “people-centric security”: each person is held more responsible for security, while enterprise IT security staff and business managers “will respond quickly” if people who are trusted appear to have “abrogated” their responsibilities for data security or unduly challenge requirements put upon them.
This would involve monitoring and educating end users, and the trust-based approach would need to be enforced with “swift punishment for people who violate that trust,” especially when it comes to BYOD.
And while Perkins says that there is no such thing as “perfect protection,” the dialog between IT and the business user about the nature of security and what “appropriate risk” levels are has to be undertaken in earnest in 2013. Business people are not really interested in the operational metrics of IT, such as how effective patching is; their idea of metrics would involve factors such as effective, secure collaboration with supply chain partners, and the focus should be on those ends, Network World reports.