IT Security Is Getting Better... And More Complicated
from the better-is-hard dept
Here's my outlook for 2010. First, in general, security will get much better -- but the challenges for IT managers will also get much more complicated.
The year ended as Barack Obama finally selected his own cyber-security czar -- but that's just part of the federal government's plan to modernize its role in the security of the internet. In October, the Department of Homeland Security opened the National Cybersecurity and Communications Integration Center, promising "a 24-hour, DHS-led coordinated watch and warning center that will improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure." And meanwhile, the Pentagon has even established a new Cyber Command.
But the federal government has also been leading the push to protect private information. Back in 2006, the Office of Management and Budget mandated that government agencies encrypt all the data that's stored on mobile devices. And more than half the states in the country have beefed up federal privacy laws with their own new state privacy regulations... But ironically, one of the biggest factors in improving security may have been dramatic news stories about weak security. In 2007, 800,000 Social Security numbers were stolen when a 22-year-old intern lost a back-up tape he'd stored in the back of his car -- and a few weeks later, data on National Guard soldiers in Idaho was also stolen. Later that year, the security administrator at the Oregon State Treasury joked to me that some organizations were implementing stronger security protocols simply because "People like to stay off of the front page!"
I've wondered if there might be fewer breaches at datacenters in 2010 as an indirect result of the financial bail-outs in 2008. Public anger is high, and it's being directed at nearly every institution in the financial industry. So it's the worst possible time to have to explain to customers that your data's been breached -- and I predict managers will take data security much more seriously. And if not for their customers, then for potential business partners -- since the obvious result of the financial crisis has been mergers and acquisitions.
I predict IT managers will face a more complicated environment -- partly because of the growing adoption of mobile devices. The popularity of the iPhone has spawned high-powered competitors like the Android, and more and more end users are going to have them. But if the future is mobile devices, that means more users trying to connect to the corporate network with unpatched and potentially virus-infected personal data accessories. If you don't have a good network access protocol, you'll be facing a whole new class of threats -- and users also need to be educated on the dangers of using their new mobile devices to transport sensitive work data out of the office. The growth in mobile devices may also lead to a great emphasis on encryption -- to protect data from the careless habits of end users. But IT managers also need to focus on network access control, to deal with threats that arise when those same users try to re-connect!