Corporate Data Security 2010
- Convergence Has Only Begun: Movement towards convergence of physical and logical security will continue and become the norm rather than the beta test scenario it was in 2009. While new technologies have emerged to better security efforts, “feet on the ground” in the form of security officers is still imperative. The year ahead will see greater focus on ironing out the convergence of physical and logical security, ensuring a “blend” that delivers both the greatest cost-efficiency and highest levels of security.
- “Big Brother” Oversight: Government regulations will create additional costs and impact a wider spectrum of industry sectors as they pertain to security and personal information. With continued incidents of consumer personal data being stolen, health records being released, financial scandals and more, security executives need to be out front on compliance. They should also prepare for aggressive auditing in areas such as the Health Insurance Portability and Accountability Act, Sarbanes-Oxley, Payment Card Industry Security Standards and the Gramm-Leach-Bliley Act.
- Promise and Peril of Social Networking: A recent PC World article (“2009: Year of the Social Network”) reported tremendous growth in social networking. Last fall, Facebook logged its 350 millionth user. Experian Hitwise reported that Twitter’s September traffic increased by 1170% compared to the previous year’s monthly growth. Businesses are harnessing the power of these sites to reach customers. However, sharing data and sensitive company information via Twitter, Facebook and LinkedIn is the greatest threat seen to protecting proprietary and confidential information. It is vital that enterprises establish strict social networking policies — and auditing practices — to be followed by all personnel.
- New Corporate Security Commitment: More companies are hiring Chief Security Officers or Chief Information Security Officers. According to an October 2009 survey conducted by CIO Magazine, 85 percent of respondents said their companies now have a security executive, up from 56 percent last year and 43 percent in 2006. This reflects the greater corporate security challenges that now exist, a trend that will continue to develop.
- Strategy Combined with Intelligent Metrics: Especially in these financial times, security is required to plan, show and prove its performance. As a result, there will be increased demand for better reporting/metrics — driven by C-level executives and Boards of Directors — requiring enterprise security risk management models from those overseeing the security function.
- Keeping Pace with Technology: There’s been increased deployment of intelligent end-devices in security, ones without the need for constant connectivity to a “home base.” While this trend will continue, new technology is surpassing the ability of many users to comprehend and effectively utilize it. Security leaders need to closely evaluate what technologies deliver a real return on investment vs. those that are overkill, while ensuring users receive the proper training to take advantage of the latest developments.
- Public-Private Security Strengthens: Strides have been made in establishing better public-private security partnerships, a trend that has expanded globally. Sharing intelligence is essential for continued success. The Overseas Security Advisory Council, created as a public/private partnership between the Department of State and private US corporations with a presence overseas, has enjoyed great success. Those registered with the organization can get the latest intelligence on countries for business planning. However, the newer Domestic Security Advisory Council, under the auspices of the FBI, has been slower to develop, though this should gain strength in the year ahead.
- New Frontiers Getting Smaller: Corporations are moving into emerging foreign markets, making partnerships necessary. However, these “new frontiers” may not be completely stable, creating challenging information-gathering, physical and personnel security logistics. In the year ahead, due diligence on markets and partners — conducted internally or through a security provider — will need to be stronger than ever to protect personnel, corporate resources and investments, and to avoid violating the Foreign Corrupt Practices Act.
- Corporate Security Outsourcing: Large corporate security teams are becoming smaller. A business trend of outsourcing non-core business functions, including security, will continue to grow. This will require business decision-makers to closely scrutinize the professionalism of security providers to assess performance, best practices, use of technology and manpower, training of personnel and more.
- Jumping Into “The Cloud”: Replacing server rooms, appliances, software/hardware and general IT services with cloud computing services is hard for many companies to resist. However, jumping into the cloud without a security strategy is a recipe for disaster. In the year ahead, many security leaders will find themselves developing plans for safe cloud computing, making organizations such as the Cloud Security Alliance — a group promoting the use of best practices for providing security assurance within cloud computing — an invaluable resource.