My business is all about being predictive – determining in advance what could happen from a cyber-security standpoint. But I’m also a CEO, so predictions about the business of security are always on my mind. This year, there is a great deal of change in the air as companies are beginning to ask themselves what the value of security is and to appreciate that point products alone are just not going to get the job done.
While one of the biggest challenges remains getting the C-suite interested in security, CISOs are increasingly explaining to the front office the business reasons for security – from compliance, fines, and data loss, to the irreparable harm that could come to the company’s reputation. But there are other important topics in the field, including these five InfoSec trends for 2013.
2. Artificial intelligence. Informed by advanced algorithms, a key evolutionary component of protecting data assets will be the integration of artificial intelligence into security-based systems. By adapting to their surrounding environment, such systems can “learn” when to react and when to stand down based on the level of perceived threat. For example, in machine learning, pattern recognition is the assignment of a label to a given input value. An example of pattern recognition is classification, which attempts to assign each input value to one of a given set of classes (for example, determining whether a given email is “spam” or “non-spam”). In security terms, using artificial intelligence (or machine learning), malicious behavior can be parsed by the type of pattern discerned, leading to a “go” or “no go” result and, ultimately, the protection of your most valuable asset: your data.
3. Holding pattern for big new point-only solutions. The InfoPro, part of the 451 Group, recently published findings on what it’s calling the rise of “converged infrastructure.” In brief, as storage, networks, servers and software become increasingly interdependent, interest is growing in “integrated infrastructure” solutions, including unified computing and converged and appliance-oriented infrastructure. Buying “pieces” is out. Systems need to be designed and tested to work together. It’s also likely that the assimilation of security-based solutions into the enterprise will be increasingly holistic as well, with teams asking themselves: does it fit with our existing technology and security policy, or is it more of a disparate, singular solution that requires administrators to learn some new interface? Given the accelerating evolution towards an increasingly integrated IT platform that unifies both infrastructure and software, the era of expending CAPEX dollars on disparate, standalone solutions may well be over.
5. Security Products Become Commoditized. It happens in many industries, but especially in IT. Sooner or later most of today’s innovations become tomorrow’s commoditized legacy products. As IT budgets continue to remain at or below current levels, the spend on security will likely be neither higher nor lower, but different: it will favor integrated solutions over standalone ones, and those that have proven themselves in similar environments and threat situations.
It’s typical for IT to be heads-down, focused on the many threats coming from many directions. The often overwhelming nature of the job can prevent the best in the business from seeing the big picture around how the industry is changing or how InfoSec can affect the future of a company. But it’s important to take a step back, evaluate what’s new, and work out how best to leverage it so that the C-suite takes notice.