Business Issues -> Security & Risk
Released: 20th December 2012
Rolling Meadows, Illinois, USA (19 December 2012)—ISACA, a non-profit association of 100,000 IT professionals in 180 countries, today outlined what it believes will be the key trends organisations will face in 2013. With the financial climate set to remain in ‘crisis mode’ for the foreseeable future, greater collaboration, cheaper infrastructure, information overload and BYOD will remain on the corporate agenda as trends to be addressed if the organisation is to benefit. But it won’t be ‘business as usual’ as EaaS (everything as a service) is set to make an entrance, bringing with it the ‘Internet of Things’.
Ramsés Gallego, international vice president of ISACA, and Security Strategist for Dell/Quest Software explains, “It is fair to say that the present economic climate is depressed, with little sign of a recovery as we enter into another new year. While we continue to live in 'crisis mode' it does not necessarily have to translate into a hindrance to progression. In fact, for the opportunistic it can be the perfect springboard to rise from the ashes. Rather than skulk away and hope to ride out the storm, I advise we look for new ways to reinvent the way we do business; but just make sure we do so securely. Rather than doom and gloom, I think the next 12 months could witness the greatest transformation to the way we work for decades – and I am excited.”
2013 - The year of collaboration
The economic depression has already resulted in greater collaboration between businesses and organisations. In the next 12 months, Gallego believes it will develop to form the basis of 'always-on' collaboration. The explosive combination of cloud, with increased mobility, plus advancements of social media will see many utilising a heady mix of communication channels to remain in touch - instant messaging, email, video-chat, etc. 2013 is the dawn of the post-PC era.
A ‘cloudified’ world
The foundations of cloud have been sunk, and there they will remain, as companies have invested trillions of dollars into it. What will change is its infusion with the fabric of operating systems—meaning increasingly more people and organisations will embrace it. Unfortunately, however, the name does now have negative connotations; so in all probability, time will see it rebranded—be it Air, Vapour or even Breeze. Gallego predicts, as most operating systems have seamless integration with cloud, there will be the advent of ‘Personal Cloud’ before anyone notices.
ISACA’s 2012 IT Risk/Reward Barometer shows that IT professionals remain wary of public clouds; 69 percent believe that the risk of using public clouds outweighs the benefit. Opinions of private clouds are the opposite—the majority (57 percent) believes the benefit outweighs the risk. Other findings include:
For free resources that help calculate cloud ROI and help ensure security in the cloud, visit www.isaca.org/cloud.
For too long, organisations have been collecting information with the result that many are drowning in a sea of data. But that could be about to change. To reverse this trend, organisations will not only require storage, but introduce the right architecture and technology that will allow the digestion of this 'information overload' to analyse and convert it into actionable intelligence.
Enterprise app stores
Combined with bring-your-own-device (BYOD), Gallego predicts companies will need to introduce their own marketplaces. These ‘app stores’ will allow the provision of the workforce and their devices. It will mean central decisions can be made dependant on who the person is, what they are doing, where they are and when they are doing it. When linked with existing identity and access management solutions, it has the potential to deliver a powerful combination.
Continuing on from the previous theme, and its relevance to identity management and access governance, companies will need to revaluate their deployment of RBAC (Role-Based Access Control). Gallego believes the time has come for the introduction of CBAC (Context-Based Access Control) or perhaps ABAC (Attribute-Based Access Control). Access to sensitive information should be permitted dependent on who someone is, combined with when, where and how they are connected.
In a world where ‘business is king’ it would be fair to say that ‘service is queen’. Ramses envisions an era of EaaS. Models like ISACA’S COBIT 5 and ITIL, with cloud and outsourcing will enable this.
Beyond management: Governance.
Segregation of duties is an increasingly complex issue organisations are struggling to comprehend. However, there has to be a differentiation in terms of who does what. Management (execution, tactics, running the environment) needs to be separated from governance (having the vision, evaluating, directing). ISACA'S COBIT 5 will provide a solid foundation for organisations, which is the first framework that establishes the need to separate roles.
The ‘Internet of things’
The world is changing very fast and, while this might be true, Gallego believes epoch of countries, or even vast organisations, to have their own Internet and his belief is this trend will continue. One driver of this trend is believed political , but could also be to introduce protective and preventive measures – a secure Internet, or a place where safety can be assured. What is for certain is that, with more than 200 billion devices connected, the beginning of 'the Internet of things' is just around the corner.
Growing privacy concerns
In the coming year, IT professionals will have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy.
“The protection of private data often referred to as personally identifiable information (PII) is the responsibility of both organizations and individuals,” says Marc Vael CISM, CGEIT, CRISC, international vice president of ISACA. “Organisations need to ensure that PII is managed and protected throughout its life cycle by having a governance strategy and good processes in place. Individuals must think before they provide their PII to a third party, your bank is very different to an offshore gambling website. People need to be aware of the value of the information they are providing and assess if they can trust who they are giving it to. Data protection, involves improving people’s awareness, using best-of-breed technology and deploying sound business processes.”
He continues, “The consumerisation of IT, confidentiality of location-based information, privacy-by-design, and an increase in legislative and regulatory mandates that will drive more privacy audits are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed.”
COBIT 5 helps business leaders govern privacy, evaluate the risk around privacy ensure proper security management and effectively govern sensitive information. The framework is available as a free download from www.isaca.org/cobit.
With more than 100,000 constituents in 180 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA®Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT® framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
+44 (0) 207 183 2836
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761