Large organizations are virtualizing infrastructure and adopting cloud computing in order to improve efficiencies, lower costs, and accelerate IT responsiveness. These are tremendous business benefits, but ESG Research indicates that these new technology initiatives present numerous security challenges that can increase IT risk or even slow down forward-looking IT projects.
Lack of information security skills, best practices, and appropriate technical controls continue to dog server virtualization and cloud computing initiatives.
Budget constraints top the list of information security management challenges but there is an assortment of other issues.
Earlier this month, senate republicans blocked the latest version of the Lieberman/Collins cybersecurity bill. Good for politics, bad for national security.
New ESG Research finds that CISOs use a combination of traditional drivers and new requirements to shape their information security strategy.
Everyone's talking BYOD and MDM but hardly anyone is considering mobile application development's growing impact. This has to change.
As part of the software development process, information security professionals must make choices about where to invest their budget and staff resources to ensure that homegrown applications are as secure as possible. ESG research found organizations that are considered security “leaders” tend to make different choices than other firms. For example, leaders rely on integrated development and testing suites, scan their applications from multiple perspectives to uncover vulnerabilities, and invest in training developers in security concepts and tools. This research brief details these best practices for all organizations that would like to produce more secure applications.
When it comes to information security monitoring, ESG Research indicates that enterprises have pressing needs for integration, intelligence, automation, and big data capabilities.
Frightened by the prospects of APTs, botnets, and Trojans, large organizations are investing in new advanced malware detection/prevention technologies to fortify defense-in-depth. Should these new security technologies be applied to the network or to host systems? Both.
Cybersecurity events like security breaches, APTs, and pending legislation are becoming mainstream as the public recongnizes that our society is inexorably tied together via servers and networks. With all this attention, one fundamental security problem continues to fly "under the radar." The fact is that a lot of the software we depend upon is insecure and extremely vulnerable to attack. Unfortunately this issue isn't getting enough attention and ESG Research indicates that enterprise organizations aren't doing enough to address their own software security deficiencies.
VMware has been ptiching network virtualization and next-generation data centers solely based upon virtualization software. Great vision but in reality, VMware is still used mostly for server consolidation. To take its virtual networking game to the next level, VMware just announced its plans to acquire SDN startup Nicira for an unbelievable $1 billion +. This move shows that VMware is willing to make incredible investments to back its vision but there is a lot of work ahead.
In order to assess the state of information security management and operations in 2012 and beyond, ESG surveyed 315 security professionals working at enterprise-class (1,000 employees or more) organizations in North America. All respondents were personally responsible for or familiar with their organizations’ 2011 information security strategies as well as their 2012 IT security budget and spending plans at either an organizational or business unit/division/branch level.
The Senate Homeland Security and Government Affairs (HSGAC) introduced a new cybersecurity bill last Thursday. According to ESG Research around Advanced Persistent Threats (APTs), security professionals believe it's time to stop debating and pass legislation.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188