Burton Group report: VantagePoint 2006-2007: Information Security Trends

Synopsis

Under pressure from internal and external threats such as cybercrime, organizations are entering an era of permanent, evolving, and increasing compliance demands. More breach notification laws and other regulatory demands in multiple jurisdictions are emerging, thus highlighting the importance of establishing effective and measurable security programs.

The security software market is going through consolidation and change as major vendors step up research and development (R&D), integration, and acquisition efforts. Large platform vendors such as Microsoft, Cisco Systems, Novell, Oracle, and EMC are entering the market with their own offerings, even as traditional software security specialists/heavyweights such as CA, Check Point Software Technologies, IBM, McAfee, RSA Security, and Symantec step up their efforts. However, there remains considerable funding and opportunity for innovation from startups and other sources.

Organizations are wholeheartedly adopting mobile computing technologies and moving toward zoned network architectures. Vendors are building converged devices. Carriers and service providers are becoming more assertive in the information security services market. Organizations are also taking various approaches to the problem of network admission control (NAC) for mobile and local devices.

Industry awareness of application security issues has reached a tipping point. Service-oriented architecture (SOA) heralds a sea change in software deployment and efforts are underway to secure web services. The need to increase identity assurance is recognized across multiple industries. Provisioning deployments are proliferating and identity federation is ready for prime time. More enterprises are turning to role-based access control (RBAC) and fine-grained authorization to enforce data and application restrictions and comply with a variety of regulations.

Organizations are under the gun to build a control layer that can manage and monitor a welter of mismatched, feature-crammed technologies and tools. Security management vendors are working to consolidate information technology (IT) and system management functions. Wider use or improvement of existing standards and creation of new standards for control and feedback are imperative to facilitate interoperability among these systems.

Last but not least, security technologies must be backed by effective security governance, but can security technologies make the necessary transition to support governance? It is very important for security programs to focus some of their effort on tools for risk analysis, policy development, project management, workflow, metrics, and so forth. Vendors should pay attention to this need and step up to provide these capabilities.

Download Report

For a complimentary copy of the Burton Group report: VantagePoint 2006-2007: Information Security Trends:

Click here  (Registration Required)


___________________________________________________

>> Back to Main Page

Gary E. Smith
SOA Security Architect