IBM security solutions
White paper




IBM Security Technology Outlook: An outlook
on emerging security technology trends.




October 2008
IBM Security Technology Outlook: An outlook on emerging security technology trends.




Contents
Executive summary
Introduction
IBM and the security landscape
Trend 1: Securing Virtualized Environments
Trend 2: Alternative Ways to Deliver Security
Trend 3: Managing Risk and Compliance
Trend 4: Trusted Identity
Trend 5: Information Security
Trend 6: Predictable Security of Applications
Trend 7: Protecting the Evolving Network
Trend 8: Securing Mobile Devices
Trend 9: Sense-and-Response Physical Security
Summary
For more information

Executive summary
In the next two to five years, emerging technological and social trends will have far-reaching implications for enterprise security. This white paper outlines the fundamental technology trends organizations can expect to see in the next several years, the catalysts behind those trends and the ways in which IBM can help organizations strategically balance risk with opportunity.

Introduction
As the pace of globalization picks up, traditional boundaries continue to disappear, melting before the relentless pace of 24x7 communications and trade. In this new global reality, “open for business” can mean that pooling resources and sharing sensitive information among organizations are the de facto costs of admission to the global economy.

The line between participation and isolation can also mark the line of opportunity and risk. Now more than ever, we rely on our business systems and automated policies to guard that line — to root out the threats, to safeguard our intellectual property, to protect our reputations and privacy.

With the emergence of each new technology, the line can shift just a bit. As we rush to exploit the opportunities, determined insiders and outsiders may seek to exploit vulnerabilities. Consequently, the potential of emerging technologies marks a fundamental change in how organizations should approach the accompanying security challenges.

To gain a perspective on the security challenges organizations will face in the next several years, the following questions should be considered: What fundamental technology trends are expected to impact organizations in the next two to five years? What strategic drivers should serve as catalysts for change? And how can organizations position themselves to profit from the myriad opportunities while managing the risk that inevitably accompanies them?




[Figure: IBM Security Framework. Framework elements: Security Governance, Risk Management and Compliance; People and Identity; Data and Information; Application and Process; Network, Server and End Point; Physical Infrastructure; Common Policy, Event Handling and Reporting; Professional services; Managed services; Hardware and software. Surrounding labels: Securing Virtualized Environments; Alternative Ways to Deliver Security; Managing Risk and Compliance; Trusted Identity; Information Security; Predictable Security of Applications; Protecting the Evolving Network; Securing Mobile Devices; Sense-and-Response Physical Security.]




We began this conversation with the Global Technology Outlook (GTO) and the Global Innovation Outlook™ (GIO) in which we shared insights around the most pressing security problems, among others. During the course of hundreds of customer engagements and extensive market research, we’ve continued to think forward with the end goal of turning these insights into actions organizations can take now to prepare for the opportunities ahead. Our collected analysis therefore points to nine important trends and technologies that are expected to shape the security environment in the next two to five years. These include:




• Securing Virtualized Environments — From dedicated hardware for dedicated purposes to shared hardware for dedicated applications.
• Alternative Ways to Deliver Security — Prepackaged security for easy deployment and quick time to value.
• Managing Risk and Compliance — Business risk–based and policy-driven approach to managing IT security.
• Trusted Identity — Toward trusted, privacy-enabling, shared and easy-to-use identities.
• Information Security — Reflecting the business value of data at risk.
• Predictable Security of Applications — Integrated security throughout the application lifecycle.
• Protecting the Evolving Network — Real-time security regardless of network speed, with protection against the rise in application-specific attacks.
• Securing Mobile Devices — A trusted channel for conducting business and a primary means for authentication.
• Sense-and-Response Physical Security — Efficient and decisive physical security.

These trends frame our discussion of how organizations can respond to the security challenges of the emerging technological and social changes ahead. In the following sections, this paper will outline what those technologies mean, the potential that comes with them and the ways in which IBM can help organizations strategically manage the challenges, risks and opportunities ahead.

In the next few years, security requirements are expected to be driven by:
• A highly dynamic IT environment that can respond efficiently to elastic scalability demands.
• The ability to use electronic identities for sensitive and mission-critical purposes.
• End-user demands for more control and self-determination with their online identities.
• Secure, reliable, flexible and composable applications that can facilitate a rapid response to changing business needs.
• Accommodation of the organization’s desired level of control of the IT environment.
• A risk-based approach to managing IT security and its contribution to operational and business risk.
• Mobile devices to be a secure source of identity and a business platform.
• High-risk decisions based on secure, high-quality information sources.
• IT systems that can sense and respond to the real-world environment.

IBM and the security landscape
Over the last several years, the evolution from the physical to the digital world has transformed the security landscape. Survey data collected by IBM shows that as more sensitive information has moved online, highly coordinated attacks against individuals and organizations have become both more frequent and sophisticated with each passing year. The targets themselves have expanded — in the future, smart phones, payment systems such as radio frequency identification (RFID) and “Chip and PIN” systems, and even home entertainment systems may be progressively more vulnerable.




Increasingly aware of the risk to their personal identity and information, individuals are demanding that organizations take the necessary steps to safeguard it. These expectations are reinforced through laws and regulations created to protect the privacy of personally identifiable information — credit card numbers, medical records and other potential targets. Organizations in turn should protect their own intellectual property and reputations from catastrophic breaches.

These changes and challenges in the technology environment have helped shape IBM’s own approach to security. Designed to help organizations strategically manage risk across all areas of the organization, the IBM Security Framework identifies five key security areas or domains, including people and identity; data and information; application and process; network, server and end point; and physical infrastructure. By examining each of these domains in the context of potential risk elements and impact, organizations can better understand and prioritize risks and vulnerabilities.

IBM intends to continue to build on the momentum we’ve created with our security framework through new offerings and services that tackle the increasing sophistication and diverse nature of security requirements, and in doing so, enable organizations to confidently realize the benefits these trends will bring.




Trend 1: Securing Virtualized Environments

“Information systems labor costs can now represent up to 70% of an information technology (IT) operations budget; power and cooling costs are now 8x greater than a dozen years ago.” — Clabby Analytics¹

For the past two decades, organizations have raced to keep up with changing technology requirements by substantially building out data centers. With operational centers already stretching the upper limits of power, space and staff resources, soaring capital costs and exponential growth in power costs are forcing organizations to examine ways to deliver a more energy-efficient infrastructure.

Unprecedented levels of scalability and responsiveness should also be in place to support the dramatic growth of shared applications, and the natural ebb and flow of service demands on resources. Based on a shared infrastructure in which large virtualized resource pools are linked to provide organizations with a simple, quick and device-agnostic path to services, cloud computing delivers the potential to radically change the economics of running a data center.

Through the ability to define and standardize collections of resources, cloud computing offers simplification on a grand scale, providing an opportunity to streamline and standardize the security approach and configurations throughout the organization. In turn, the simplification feeds on itself — since resources can be managed in a similar fashion, a larger number of virtual resources are manageable.

Despite the tremendous opportunities cloud computing holds, however, it can also bring additional challenges:

• Organizations should be prepared with strong isolation management capabilities that separate the applications, data and infrastructure dedicated to one tenant from the rest of the tenants, with isolation policies that can be applied across multiple virtualization platforms.
• The integrity of the virtual environment should be protected and managed as robustly as the physical environment. Traditional security capabilities, such as network monitoring and intrusion detection, should be applied to the virtual environments.
• Because virtualized resources are stored as data images, they are subject to corruption. Organizations should establish image management capabilities to protect and maintain the resource definitions, including robust change and patch management procedures.

Looking ahead

Since it first introduced virtualization, IBM has continued to define and redefine virtualization technologies on its System z® and System p® platforms. The IBM z/VM® system, for example, can run thousands of fully isolated Linux® systems simultaneously. As virtualization accelerates beyond the mainframe, IBM is applying the knowledge gained over the decades to other virtualization platforms.

IBM continues to research and develop technologies for managing the security of virtualized environments through its Phantom project for virtual machine (VM) protection and secure cross-VM communication, and for managing full infrastructure isolation through its Trusted Virtual Domains research project.

As part of its ongoing commitment to stronger security within virtualized environments, IBM Internet Security Systems (ISS) Proventia® offerings have been extended to virtual form factors, IBM Tivoli® Access Manager for Operating Systems is providing capabilities to monitor privileged user activity in VMs, and IBM WebSphere® DataPower® SOA Appliances provide security protection to applications running on virtual hosts.

In addition, the IBM Blue Cloud offering helps operational center services run across a distributed, globally accessible fabric of resources, rather than on local machines or remote server farms.




Trend 2: Alternative Ways to Deliver Security
The economics of managing and operating complex, specialized IT security services is driving a focus on new forms of packaging and delivering security services. There are two key factors that influence this increased diversity.

First, the IT organization should decide how much control they want to maintain. Are they comfortable with the idea of another company providing their security services or do they want to manage security themselves?

Second, the complexity of the IT environment can heavily influence how the IT organization chooses to obtain security capabilities. Some companies have relatively simple, self-contained IT needs. On the other hand, some companies have highly dynamic environments that have the ability to quickly adapt their IT services to new business needs.

In addition to traditional software offerings, managed services and outsourcing arrangements, IBM sees several trends in the delivery of security capabilities:

Appliances. In the past, IT appliances meant “one host dedicated to one specialized function.” Today’s appliances are becoming platforms in their own right, evolving to a single deliverable that contains all of the operating system, middleware and applications preinstalled and preconfigured to perform multiple functions targeted to a single domain of operation. Appliances are also moving to increasingly modular physical form factors as well as virtual form factors.

Software-as-a-Service (SaaS). While managed services typically have dedicated infrastructure for each customer, SaaS platforms deliver “one-to-many” service in which a single platform provides a type of service to multiple customers simultaneously. These shared infrastructure systems can provide standardized services with little need for customization.

Cloud computing. Virtualized platforms and cloud computing environments support highly dynamic environments with elastic scalability needs. These dynamic environments can be used to create “cookie-cutter” definitions of resource pools to standardize application deployment and other IT services that can be deployed in massive numbers in very short times, leading to a “utility” approach to consuming security services.




Trend 3: Managing Risk and Compliance
Many organizations are re-examining their business continuity and resiliency strategies. Companies are realizing that disaster recovery plans are simply not enough; even everyday small disasters can have big consequences for a company’s ability to conduct business.

Operational risk can cover any activity that impacts business processes, including theft, insider fraud, loss of physical facilities or other capital assets, and failure to meet safety and other regulatory requirements. Because IT is ingrained in virtually every aspect of a company’s activities, IT risks are a major component of operational risk. For example, what if an unauthorized employee is able to bypass the security protections of a key financial reporting application? What if archive tapes with customer data are lost? What if the data center loses power? Looking at IT security and resiliency issues from an operational risk perspective helps the chief information security officer (CISO) prioritize time and money investments in ways that can have the best impact on the company’s operations.

However, more and more of the IT landscape is out of the direct control of the CISO — through outsourcing, IT integration with business partners, the use of managed security services or other IT resources owned by others — which means the CISO is becoming an increasingly policy-driven and consultative job. IT security is therefore evolving toward evaluating IT’s contribution to operational risk and developing policies and controls to mitigate those risks both in the IT infrastructure controlled by the CISO as well as outside IT resources.

Looking ahead

IBM is an industry-leading provider of services and solutions helping IT organizations analyze and understand their operational risk. When the banking industry formed the Operational Risk Exchange to share operational risk data with each other and establish industry benchmarks, IBM brought the analytics expertise. IBM Banking Data Warehouse provides a proven model for managing operational risk. IBM Cognos Risk Management Cockpit, along with the other products in the IBM Cognos Business Intelligence solutions family, provides risk reports, dashboards, event management, scorecards and risk analysis capability in a single environment.

The IBM service oriented architecture (SOA) policy management strategy provides a traceable way to associate security policies with SOA services and transform those policies into security requirements and security configurations.

For managing security configurations, IBM Service Management offerings and the IBM Tivoli zSecure family of offerings enforce rigorous change control processes on IT environments, while IBM Tivoli Compliance Insight Manager, IBM Tivoli Security Compliance Manager and IBM Tivoli Security Information and Event Manager monitor for out-of-process security issues.




Trend 4: Trusted Identity

“Our identities are under attack from all sides, with identity theft claiming a new victim about every 2 seconds.” — Facts and Statistics, Identity Theft Resource Center, April 30, 2007

In a global economy where billions of people connect daily, identity has taken on a new focus. Each transaction depends on the level of trust each party places in the integrity of the other’s credentials and the systems supporting them. Yet considering the rising instances of identity theft and fraud, that trust may well prove overly optimistic.

With the goals of improving identification and enabling higher-value transactions — like healthcare authorizations and high-value banking operations — governments and enterprises are working to create identity management models where baseline identities can be more highly assured, with stronger identity credentials that are better protected from tampering and forgery.

On the commercial side, identity systems continue to proliferate, forcing individuals to become their own identity administrators, juggling a mixture of self-created and third-party issued identities for every service they interact with, and balancing the trade-offs between privacy and reputation that come with increased disclosure.

Going forward, the challenge lies in developing a common set of identity policies, processes, best practices and technology, as well as multipurpose identity systems that can be used across service providers. These systems should be able to accommodate complex identity relationships while providing a simplified way to address common identity processes and functions, including enrollment and proofing, credential management and identity usage. At the same time, the identity systems should respect the corresponding conventions and limitations of societal and cultural boundaries, including privacy, reputation and individual rights.

Looking ahead

Building on IBM’s industry-leading Tivoli Identity and Access Management family of products, as well as the Tivoli zSecure suite and IBM Resource Access Control Facility (RACF®), IBM is finding solid and sustainable solutions to present and future challenges.² IBM is working with open standards organizations to make identity management simpler for individuals. IBM is a major contributor to the Eclipse project Higgins, which defines a user-centric “identity metasystem” to give individuals more control over their credentials and personal information. IBM is also a supporter of the OpenID initiative, an open-standard, third-party credential provider that enables individuals to use a single credential across multiple online services. Both of these systems are supported in IBM Tivoli Federated Identity Manager.

The IBM Trusted Identity initiative tackles the weak links and end-to-end integration problems in current trusted identity systems, ranging from the identity proofing stage — where a large percentage of identity fraud and theft has its roots — to the usage of trusted identities in online and offline scenarios.

The trusted identity showcase — a focal point for state-of-the-art identity management technology — offers demonstrations and executive briefings on improving identity proofing using IBM Global Name Recognition and IBM Relationship Resolution technologies.




Trend 5: Information Security

Today, an ever-expanding volume of information continually and freely circulates across and beyond enterprises, governments and social networks, aided through the proliferation of open, collaborative environments, Web 2.0 mashup technologies and intelligent data streams. A boon to online communities, the information explosion has nevertheless created a nightmare for organizations with the proliferation of databases and corresponding increase in data leakage that raises the potential for data breaches and the chance of inappropriate disclosure or use of intellectual capital.

Already a boardroom issue, organizations can expect a continued push to minimize the risks of data breaches. As a result, there should be a new focus on privacy management tools with the capability to mask data, particularly in nonproduction environments such as application development where protection of data continues to be less stringent. This focus can reinforce the need for cryptography, and subsequent demand to simplify the complexity of the key-based algorithms and management of keys throughout the lifecycle.

There is expected to be more internal pressure to link trust in data with decision making. Collectively, security practices — including data steward assignments, data monitoring, policy-based data classification and security requirements records — should provide the metrics that calculate and reflect the security protections for a particular repository. These metrics can be used in formulating “trust indexes” that can guide decisions about the use of a data repository — a repository with a high trust index association can be used for high-risk decisions; conversely, a repository with a low trust index association should be used only for low-risk activities.

According to the Privacy Rights Clearinghouse, over 226 million records containing sensitive personal information have been involved in security breaches since they started counting in 2005. [3]

Looking ahead

IBM is a leader in hardware-based encryption management, offering a line of encrypting tape drives such as the TS1120 and TS1130, and full disk encryption capabilities in the IBM System Storage™ DS8000 Series family of disk systems, including file system-level encryption capabilities for IBM DB2® servers. IBM also offers an enterprise-scale key management infrastructure through IBM Tivoli Key Lifecycle Manager and lifecycle management tools to help organizations efficiently deploy, back up, restore and delete keys and certificates in a secure and consistent fashion.

DB2 and IBM Informix® offer access control features including a sophisticated Label Based Access Control (LBAC) mechanism that allows administrators to control read and write access of a user at the table, column and row levels. DB2 and Informix also support single sign-on through Kerberos integration.

As part of an integrated data management approach, the IBM Optim™ Data Privacy Solution provides policy-based deidentification and masking capabilities to protect confidential data, while the IBM Optim Data Growth Solution helps enforce secure access to archived data based on established data governance policies.

These data protection capabilities provide a trustworthy foundation to use enterprise information assets for business optimization in a way that reflects the value of information and protects individuals’ privacy. The IBM InfoSphere™ and IBM Cognos product families build on the security foundations to ensure that information is accurate, complete, in context and actionable.

Trend 6: Predictable Security of Applications

In 2008, a new type of threat known as SEO code injection or poisoning impacted around 1.2 million Web sites, including some very high-profile sites. As the dust settled from this exceptionally destructive threat, it became clear that applications had become ground zero for hacker attacks.

Part of their vulnerability lies in the evolution from monolithic applications to composite applications, both in SOA–style process choreography and through Web 2.0–style widgets and mashups. These composite applications can include application code from a wide variety of sources in a true mix-and-match fashion. Though it has tremendously improved programmer efficiency and enabled many nonprogrammers to compose sophisticated applications with little training, it can leave applications vulnerable.

Perhaps the most challenging aspect of composable applications is the inability to fully understand the composition, and therefore the security posture, of the application until it is deployed. Only then — when it’s too late — are all the contributing elements exposed, including malware and vulnerabilities.

This challenge is causing the embedding of security development expertise into the tools and development platforms, to perform security checks at each stage of development and to combine the component scanning into a composite analysis. Organizations should also be ready to track the provenance of deployed software artifacts to ensure the integrity of mission-critical applications. Because malware can be introduced at virtually any stage of the lifecycle, organizations should be able to establish and track a chain of custody as software moves throughout the lifecycle.

Looking ahead

A longtime contributor of best practices for secure software development, the IBM Rational® Software Delivery Platform — including IBM Rational Team Concert, IBM Rational Asset Manager and the IBM Rational AppScan® family of Web application security solutions — offers features for managing the chain of custody of software artifacts throughout the application lifecycle and can enforce security testing as part of the software development process.

The IBM Tivoli Access Management family of products and WebSphere DataPower SOA Appliances protect applications from unauthorized access and malicious messages.

Correspondingly, at the data level the IBM Optim Data Privacy Solution can integrate with IBM Rational Data Architect to create privacy specifications that can be used across test databases.

The Rational AppScan family of offerings combines application scanning and security checks throughout the phases of the software development lifecycle into a composite analysis of the application security profile on an enterprise scale.
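The chain of custody that Trend 6 calls for can be illustrated with a hash-chained hand-off log, shown here as an added example that is not part of the IBM paper and does not represent any IBM product. The stage names, keys and artifact bytes are constructed; the sketch assumes the same binary is promoted unchanged through every stage, and HMAC stands in for the per-stage digital signatures a real pipeline would use.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64                      # "previous MAC" of the first record
STAGES = ("build", "test", "release")   # assumed lifecycle stages
# Constructed keys: one per stage, so a record can be attributed to a stage.
STAGE_KEYS = {s: f"constructed-{s}-key".encode() for s in STAGES}


def digest(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()


def _mac(stage: str, body: dict) -> str:
    # Canonical JSON so signer and verifier MAC exactly the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(STAGE_KEYS[stage], payload, hashlib.sha256).hexdigest()


def record_handoff(log: list, stage: str, artifact: bytes) -> list:
    """Append a custody record that commits to the artifact and to the prior record."""
    body = {
        "seq": len(log),
        "stage": stage,
        "sha256": digest(artifact),
        "prev": log[-1]["mac"] if log else GENESIS,
    }
    log.append({**body, "mac": _mac(stage, body)})
    return log


def verify_custody(log: list, deployed: bytes) -> tuple:
    """Return (ok, reason) for a custody log checked against the deployed bytes."""
    # Every expected stage must be present, in order: a dropped record fails here.
    if [r.get("stage") for r in log] != list(STAGES):
        return False, "stage sequence mismatch"
    prev_mac, prev_sha = GENESIS, None
    for i, rec in enumerate(log):
        body = {k: rec.get(k) for k in ("seq", "stage", "sha256", "prev")}
        if body["seq"] != i or body["prev"] != prev_mac:
            return False, f"broken link at record {i}"
        if not hmac.compare_digest(_mac(rec["stage"], body), str(rec.get("mac"))):
            return False, f"bad MAC at record {i} ({rec['stage']})"
        # A validly signed record for different bytes shows where a change entered.
        if prev_sha is not None and body["sha256"] != prev_sha:
            return False, f"artifact changed before {rec['stage']}"
        prev_mac, prev_sha = rec["mac"], body["sha256"]
    if prev_sha != digest(deployed):
        return False, "deployed artifact does not match custody log"
    return True, "ok"


def demo() -> dict:
    good = b"app-1.0 (constructed artifact bytes)"
    evil = good + b" + injected payload"

    clean = []
    for stage in STAGES:
        record_handoff(clean, stage, good)

    # The release stage receives and signs bytes that differ from what was tested.
    swapped = []
    record_handoff(swapped, "build", good)
    record_handoff(swapped, "test", good)
    record_handoff(swapped, "release", evil)

    # Someone rewrites the test record after the fact without the test key.
    edited = copy.deepcopy(clean)
    edited[1]["sha256"] = digest(evil)

    return {
        "clean": verify_custody(clean, good),
        "replaced_at_deploy": verify_custody(clean, evil),
        "changed_before_release": verify_custody(swapped, evil),
        "record_edited": verify_custody(edited, good),
        "record_dropped": verify_custody([clean[0], clean[2]], good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Each failure reason names the point in the lifecycle where custody broke, which is what lets a responder scope an investigation to one stage rather than the whole pipeline.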

Trend 7: Protecting the Evolving Network

The need to accommodate bandwidth-intensive applications such as VoIP, streaming video and online gaming has become a race to meet growing demands for speed and bandwidth. With speeds now reaching 10G and beyond and traffic loads hitting unprecedented levels, service providers have increasingly less visibility and knowledge of the traffic going through their networks. As IT policies force more network encryption and virtualization creates new networks inside the server infrastructure, visibility is expected to become even more opaque.

As a consequence, network security should become more elusive, even as new types of attacks emerge. Virtualized environments create the possibility for guest hosts to launch network-based attacks against other hosts. Other attacks likely will target session initiation protocol (SIP) proxy servers, domain name system (DNS) servers and the upper layers of the open system interconnect (OSI) stack, including attacks on application-specific protocols and schema.

Combating these attacks likely will require more than traditional intrusion prevention systems (IPS) and firewall technologies. Addressing these evolving threat requirements should require a total defense-in-depth strategy based on a highly scalable, collaborating security platform with unified and coordinated network, server and end-point protection technologies.

The total average cost to United States companies is $182 per record compromised, equating to an average price tag of $660,000 per company in expenses.
— Ponemon Institute survey, October 2006

Looking ahead

Built on its RealSecure® family of intrusion detection solutions (IDS) products and its Proventia family of IPS offerings, IBM is working to create a new security-consolidating paradigm of network protection. Backed by the IBM ISS X-Force® research and development team, IBM Proventia Network Intrusion Prevention System GX-series offerings can provide protection for physical, virtual and blade-based appliances. Other IBM offerings deliver new classes of protection, such as Web application protection and data loss prevention (DLP), combined with IPS and other functions, in a single appliance.

Working in collaboration with ISS network protection solutions, IBM is creating extensible in-dwelling security within IBM products. In addition, IBM STG and semiconductor teams are working on security acceleration functions in silicon as part of its PRISM project and working to expand the protection ecosystem by creating a framework to integrate third-party protection solutions with unified management.

Trend 8: Securing Mobile Devices

Of all the technologies available, the mobile device represents perhaps the greatest intersection between opportunity and risk. Diverse in design and use, and capable of delivering data, applications and services anytime, anywhere, the mobile device has the potential to change the way governments and enterprises conduct high-value, mission-critical transactions.

While the mobile device offers a compelling case as the new prevalent channel for conducting business and primary means for authentication, much work lies in the area of security. Even as they rapidly supplant the PC, mobile phones are increasingly subject to the same types of security attacks — but even less mature at deflecting them.

In the near future, improvements are needed in two key areas: mobile platform security and telecommunications network protection. With mobile platforms becoming more open, the mobile application development environment, deployment processes and run-time environment should be authorized, secure and free of corruption. And as mobile phones are increasingly vulnerable to malware and other types of attacks, telecommunications service providers should augment their network security by monitoring their network traffic for security threats while maintaining optimal service levels.

There are 3.3 billion mobile phones in the world today, compared with 1.6 billion Visa cards.
— IBM Global Innovation Outlook [4]

Looking ahead

Over the years, IBM has pioneered a range of services, offerings and standards to help organizations unlock the potential of the mobile device in a secure and sustainable manner. To help secure the mobile platform, the IBM Lotus® Expeditor family of products offers a turnkey deployment platform that provides a variety of security services such as authentication and encryption for applications running on the platform. The IBM SecureBlue research project is exploring ways to make the hardware components of mobile devices secure and tamperproof.

In the area of telecommunications network security, the IBM BladeCenter® PN41 provides customizable Deep Packet Inspection (DPI)-based security capabilities that telecommunication networks can use to protect mobile devices from malware and other security threats.

Trend 9: Sense-and-Response Physical Security

In the IBM 2008 Global Technology Outlook, we noted the growing demand for low-latency event analysis of physical events for millisecond sense-and-respond reactions. For example, applying RFID stickers to pallets in a supply chain enables IT systems to become aware of the state of the supply chain and raise alerts and take actions as necessary to keep the supply chain running smoothly.

This same sense-and-respond paradigm is now being applied to real-world security. Video analytics enable automated surveillance through object and people recognition, as well as behavioral analysis. In real terms, this allows security officials to program an IT system monitoring a particular camera to detect cars entering a certain area delineated on the screen and staying for longer than 20 minutes without leaving. Or they could perform a metadata-enabled search through an archived video to find a particular type of event such as “a blue sedan crossing this intersection.”

Underlying the trend toward this sense-and-respond technology is the idea of giving IT systems a deeper understanding of the semantics of what they’re observing. This development likely will correspond to the modeling of more sophisticated behavioral activity models used as baselines for observed activity. As the technology matures, look for video analytics to be widely adopted for both smaller environments and larger, more complex investigations.

As more video cameras are deployed across the globe, however, the limitations are becoming apparent. The most obvious drawback is the human element — that is, a camera can monitor a crowd but someone must monitor the camera. At the same time, human watchers can raise potential privacy issues, particularly where personal information can be compromised. The challenge is to enable IT systems to monitor the cameras in ways that protect the privacy of individuals while recognizing situations that require human attention.

Looking ahead

The IBM Smart Surveillance Solution builds on sense-and-response technology, providing multiple decision-integrating sensors and cameras and extending the querying capabilities of standard digital technology. Designed for a number of industries, it allows organizations to sense and respond to trends and activities based on an open architecture framework that can easily scale to accommodate new monitoring technologies or analytical algorithms.

Summary

This paper has outlined nine trends that will gain increasing prominence in the next two to five years. Given these trends, it is likely that these next few years have the potential to bring tremendous risk. But they can also usher in a wealth of opportunities. It’s how the risk is managed that should determine how an organization thrives — or fails — in the face of emerging technologies.

While most security vendors focus on and manage one area of risk, IBM’s approach is to strategically manage risk end-to-end across all areas of the organization. This strategy allows organizations to better understand and prioritize risks and vulnerabilities based on their potential to disrupt critical business processes.

Through world-class solutions that address risk across each aspect of your business, IBM can help you build a strong security posture across the organization and position you to reap the rewards of emerging technology trends.

For more information

To learn more about emerging security technology trends, contact your IBM representative or IBM Business Partner, or visit ibm.com

©	 Copyright IBM Corporation 2008

     IBM Corporation
     Software Group
     Route 100
     Somers, NY 10589
     U.S.A.

     Produced in the United States of America
     October 2008
     All Rights Reserved

     IBM, the IBM logo, ibm.com, AppScan, BladeCenter,
     DataPower, DB2, Global Innovation Outlook, Informix,
     InfoSphere, Lotus, Optim, Proventia, RACF, Rational,
     RealSecure, System p, System Storage, System z,
     Tivoli, WebSphere, X-Force and z/VM are trademarks
     or registered trademarks of International Business
     Machines Corporation in the United States, other
     countries, or both. If these and other IBM trademarked
     terms are marked on their first occurrence in this
     information with a trademark symbol (® or ™), these
     symbols indicate U.S. registered or common law
     trademarks owned by IBM at the time this information
     was published. Such trademarks may also be registered
     or common law trademarks in other countries. A current
     list of IBM trademarks is available on the Web at
     “Copyright and trademark information” at ibm.com/
     legal/copytrade.shtml

     Linux is a trademark of Linus Torvalds in the
     United States, other countries or both.

     Other company, product and service names may be
     trademarks or service marks of others.

     Disclaimer: The customer is responsible for ensuring
     compliance with legal requirements. It is the customer’s
     sole responsibility to obtain advice of competent legal
     counsel as to the identification and interpretation of
     any relevant laws and regulatory requirements that may
     affect the customer’s business and any actions the
     reader may have to take to comply with such laws. IBM
     does not provide legal advice or represent or warrant
     that its services or products will ensure that the customer
     is in compliance with any law or regulation.
     [1] “The Data Center ‘Implosion Explosion’ … and the Need to Move to a New Enterprise Data Center Model,” www-03.ibm.com/systems/resources/systems_optimizeit_datacenter_pdf_nedc.pdf
     [2] IDC Worldwide Identity and Access Management 2008-2012 Forecast and 2007 Vendor Shares, August 2008 (Doc #213650).
     [3] http://www.privacyrights.org/
     [4] ibm.com/gio




     IBW03001-USEN-00

Infrastructure Security by Sivamurthy Hiremath
 
Secure by design
Secure by designSecure by design
Secure by design
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based security
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
International approaches to critical information infrastructure protection ...
International approaches to critical information infrastructure protection   ...International approaches to critical information infrastructure protection   ...
International approaches to critical information infrastructure protection ...
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS Compliance
 

Plus de wardell henley

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdfwardell henley
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmpwardell henley
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paperwardell henley
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmenwardell henley
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securitywardell henley
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguidewardell henley
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Managementwardell henley
 

Plus de wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
Mn bfdsprivacy
Mn bfdsprivacyMn bfdsprivacy
Mn bfdsprivacy
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
It security cert_508
It security cert_508It security cert_508
It security cert_508
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 

Dernier

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Dernier (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Outlook emerging security_technology_trends

  • 1. IBM security solutions White paper IBM Security Technology Outlook: An outlook on emerging security technology trends. October 2008
  • 2. Contents: 2 Executive summary; 2 Introduction; 4 IBM and the security landscape; 6 Trend 1: Securing Virtualized Environments; 7 Trend 2: Alternative Ways to Deliver Security; 8 Trend 3: Managing Risk and Compliance; 9 Trend 4: Trusted Identity; 10 Trend 5: Information Security; 11 Trend 6: Predictable Security of Applications; 12 Trend 7: Protecting the Evolving Network; 13 Trend 8: Securing Mobile Devices; 14 Trend 9: Sense-and-Response Physical Security; 15 Summary; 15 For more information
    Executive summary
    In the next two to five years, emerging technological and social trends will have far-reaching implications for enterprise security. This white paper outlines the fundamental technology trends organizations can expect to see in the next several years, the catalysts behind those trends and the ways in which IBM can help organizations strategically balance risk with opportunity.
    Introduction
    As the pace of globalization picks up, traditional boundaries continue to disappear, melting before the relentless pace of 24x7 communications and trade. In this new global reality, “open for business” can mean that pooling resources and sharing sensitive information among organizations are the de facto costs of admission to the global economy.
    The line between participation and isolation can also mark the line of opportunity and risk. Now more than ever, we rely on our business systems and automated policies to guard that line — to root out the threats, to safeguard our intellectual property, to protect our reputations and privacy.
    With the emergence of each new technology, the line can shift just a bit. As we rush to exploit the opportunities, determined insiders and outsiders may seek to exploit vulnerabilities. Consequently, the potential of emerging technologies marks a fundamental change in how organizations should approach the accompanying security challenges.
    To gain a perspective on the security challenges organizations will face in the next several years, the following questions should be considered: What fundamental technology trends are expected to impact organizations in the next two to five years? What strategic drivers should serve as catalysts for change? And how can organizations position themselves to profit from the myriad opportunities while managing the risk that inevitably accompanies them?
  • 3. [Figure: the IBM Security Framework (security governance, risk management and compliance; people and identity; data and information; application and process; network, server and end point; physical infrastructure; common policy, event handling and reporting; professional services, managed services, hardware and software), surrounded by the nine trends listed on the next slide.]
    We began this conversation with the Global Technology Outlook (GTO) and the Global Innovation Outlook™ (GIO) in which we shared insights around the most pressing security problems, among others. During the course of hundreds of customer engagements and extensive market research, we’ve continued to think forward with the end goal of turning these insights into actions organizations can take now to prepare for the opportunities ahead.
    Our collected analysis therefore points to nine important trends and technologies that are expected to shape the security environment in the next two to five years. These include:
  • 4.
      • Securing Virtualized Environments — From dedicated hardware for dedicated purposes to shared hardware for dedicated applications.
      • Alternative Ways to Deliver Security — Prepackaged security for easy deployment and quick time to value.
      • Managing Risk and Compliance — Business risk–based and policy-driven approach to managing IT security.
      • Trusted Identity — Toward trusted, privacy-enabling, shared and easy-to-use identities.
      • Information Security — Reflecting the business value of data at risk.
      • Predictable Security of Applications — Integrated security throughout the application lifecycle.
      • Protecting the Evolving Network — Real-time security regardless of network speed, with protection against the rise in application-specific attacks.
      • Securing Mobile Devices — A trusted channel for conducting business and a primary means for authentication.
      • Sense-and-Response Physical Security — Efficient and decisive physical security.
    These trends frame our discussion of how organizations can respond to the security challenges of the emerging technological and social changes ahead. In the following sections, this paper will outline what those technologies mean, the potential that comes with them and the ways in which IBM can help organizations strategically manage the challenges, risks and opportunities ahead.
    IBM and the security landscape
    Over the last several years, the evolution from the physical to the digital world has transformed the security landscape. Survey data collected by IBM shows that as more sensitive information has moved online, highly coordinated attacks against individuals and organizations have become both more frequent and sophisticated with each passing year. The targets themselves have expanded — in the future, smart phones, payment systems such as radio frequency identification (RFID) and “Chip and PIN” systems, and even home entertainment systems may be progressively more vulnerable.
    In the next few years, security requirements are expected to be driven by:
      • A highly dynamic IT environment that can respond efficiently to elastic scalability demands.
      • The ability to use electronic identities for sensitive and mission-critical purposes.
      • End-user demands for more control and self-determination with their online identities.
      • Secure, reliable, flexible and composable applications that can facilitate a rapid response to changing business needs.
      • Accommodation of the organization’s desired level of control of the IT environment.
      • A risk-based approach to managing IT security and its contribution to operational and business risk.
      • Mobile devices to be a secure source of identity and a business platform.
      • High-risk decisions based on secure, high-quality information sources.
      • IT systems that can sense and respond to the real-world environment.
  • 5. Increasingly aware of the risk to their personal identity and information, individuals are demanding that organizations take the necessary steps to safeguard it. These expectations are reinforced through laws and regulations created to protect the privacy of personally identifiable information — credit card numbers, medical records and other potential targets. Organizations in turn should protect their own intellectual property and reputations from catastrophic breaches.
    These changes and challenges in the technology environment have helped shape IBM’s own approach to security. Designed to help organizations strategically manage risk across all areas of the organization, the IBM Security Framework identifies five key security areas or domains, including people and identity; data and information; application and process; network, server and end point; and physical infrastructure. By examining each of these domains in the context of potential risk elements and impact, organizations can better understand and prioritize risks and vulnerabilities.
    IBM intends to continue to build on the momentum we’ve created with our security framework through new offerings and services that tackle the increasing sophistication and diverse nature of security requirements, and in doing so, enable organizations to confidently realize the benefits these trends will bring.
  • 6. Trend 1: Securing Virtualized Environments
    “Information systems labor costs can now represent up to 70% of an information technology (IT) operations budget; power and cooling costs are now 8x greater than a dozen years ago.” — Clabby Analytics¹
    For the past two decades, organizations have raced to keep up with changing technology requirements by substantially building out data centers. With operational centers already stretching the upper limits of power, space and staff resources, soaring capital costs and exponential growth in power costs are forcing organizations to examine ways to deliver a more energy-efficient infrastructure.
    Unprecedented levels of scalability and responsiveness should also be in place to support the dramatic growth of shared applications, and the natural ebb and flow of service demands on resources. Based on a shared infrastructure in which large virtualized resource pools are linked to provide organizations with a simple, quick and device-agnostic path to services, cloud computing delivers the potential to radically change the economics of running a data center.
    Through the ability to define and standardize collections of resources, cloud computing offers simplification on a grand scale, providing an opportunity to streamline and standardize the security approach and configurations throughout the organization. In turn, the simplification feeds on itself — since resources can be managed in a similar fashion, a larger number of virtual resources are manageable.
    Despite the tremendous opportunities cloud computing holds, however, it can also bring additional challenges:
      • Organizations should be prepared with strong isolation management capabilities that separate the applications, data and infrastructure dedicated to one tenant from the rest of the tenants, with isolation policies that can be applied across multiple virtualization platforms.
      • The integrity of the virtual environment should be protected and managed as robustly as the physical environment. Traditional security capabilities, such as network monitoring and intrusion detection, should be applied to the virtual environments.
      • Because virtualized resources are stored as data images, they are subject to corruption. Organizations should establish image management capabilities to protect and maintain the resource definitions, including robust change and patch management procedures.
    Looking ahead
    Since it first introduced virtualization, IBM has continued to define and redefine virtualization technologies on its System z® and System p® platforms. The IBM z/VM® system, for example, can run thousands of fully isolated Linux® systems simultaneously. As virtualization accelerates beyond the mainframe, IBM is applying the knowledge gained over the decades to other virtualization platforms.
    IBM continues to research and develop technologies for managing the security of virtualized environments through its Phantom project for virtual machine (VM) protection and secure cross-VM communication, and for managing full infrastructure isolation through its Trusted Virtual Domains research project.
    As part of its ongoing commitment to stronger security within virtualized environments, IBM Internet Security Systems (ISS) Proventia® offerings have been extended to virtual form factors, IBM Tivoli® Access Manager for Operating Systems is providing capabilities to monitor privileged user activity in VMs, and IBM WebSphere® DataPower® SOA Appliances provide security protection to applications running on virtual hosts.
    In addition, the IBM Blue Cloud offering helps operational center services run across a distributed, globally accessible fabric of resources, rather than on local machines or remote server farms.
  • 7. Trend 2: Alternative Ways to Deliver Security
    The economics of managing and operating complex, specialized IT security services is driving a focus for new forms of packaging and delivering security services. There are two key factors that influence this increased diversity. First, the IT organization should decide how much control they want to maintain. Are they comfortable with the idea of another company providing their security services or do they want to manage security themselves? Second, the complexity of the IT environment can heavily influence how the IT organization chooses to obtain security capabilities. Some companies have relatively simple, self-contained IT needs. On the other hand, some companies have highly dynamic environments that have the ability to quickly adapt their IT services to new business needs.
    In addition to traditional software offerings, managed services and outsourcing arrangements, IBM sees several trends in the delivery of security capabilities:
    Appliances. In the past, IT appliances meant “one host dedicated to one specialized function.” Today’s appliances are becoming platforms in their own right, evolving to a single deliverable that contains all of the operating system, middleware and applications preinstalled and preconfigured to perform multiple functions targeted to a single domain of operation. Appliances are also moving to increasingly modular physical form factors as well as virtual form factors.
    Software-as-a-Service (SaaS). While managed services typically have dedicated infrastructure for each customer, SaaS platforms deliver “one-to-many” service in which a single platform provides a type of service to multiple customers simultaneously. These shared infrastructure systems can provide standardized services with little need for customization.
    Cloud computing. Virtualized platforms and cloud computing environments support highly dynamic environments with elastic scalability needs. These dynamic environments can be used to create “cookie-cutter” definitions of resource pools to standardize application deployment and other IT services that can be deployed in massive numbers in very short times, leading to a “utility” approach to consuming security services.
  • 8. Trend 3: Managing Risk and Compliance

Many organizations are re-examining their business continuity and resiliency strategies. Companies are realizing that disaster recovery plans are simply not enough; even everyday small disasters can have big consequences for a company’s ability to conduct business.

Operational risk can cover any activity that impacts business processes, including theft, insider fraud, loss of physical facilities or other capital assets, and failure to meet safety and other regulatory requirements. Because IT is ingrained in virtually every aspect of a company’s activities, IT risks are a major component of operational risk. For example, what if an unauthorized employee is able to bypass the security protections of a key financial reporting application? What if archive tapes with customer data are lost? What if the data center loses power? Looking at IT security and resiliency issues from an operational risk perspective helps the chief information security officer (CISO) prioritize time and money investments in ways that can have the best impact on the company’s operations.

However, more and more of the IT landscape is out of the direct control of the CISO — through outsourcing, IT integration with business partners, the use of managed security services or other IT resources owned by others — which means the CISO role is becoming increasingly policy-driven and consultative. IT security is therefore evolving toward evaluating IT’s contribution to operational risk and developing policies and controls to mitigate those risks both in the IT infrastructure controlled by the CISO and in outside IT resources.

Looking ahead

IBM is an industry-leading provider of services and solutions helping IT organizations analyze and understand their operational risk. When the banking industry formed the Operational Risk Exchange to share operational risk data with each other and establish industry benchmarks, IBM brought the analytics expertise. IBM Banking Data Warehouse provides a proven model for managing operational risk. IBM Cognos Risk Management Cockpit, along with the other products in the IBM Cognos Business Intelligence solutions family, provides risk reports, dashboards, event management, scorecards and risk analysis capability in a single environment.

The IBM service oriented architecture (SOA) policy management strategy provides a traceable way to associate security policies with SOA services and transform those policies into security requirements and security configurations.

For managing security configurations, IBM Service Management offerings and the IBM Tivoli zSecure family of offerings enforce rigorous change control processes on IT environments, while IBM Tivoli Compliance Insight Manager, IBM Tivoli Security Compliance Manager and IBM Tivoli Security Information and Event Manager monitor for out-of-process security issues.
  • 9. Trend 4: Trusted Identity

In a global economy where billions of people connect daily, identity has taken on a new focus. Each transaction depends on the level of trust each party places in the integrity of the other’s credentials and the systems supporting them. Yet considering the rising instances of identity theft and fraud, that trust may well prove overly optimistic.

With the goals of improving identification and enabling higher-value transactions — like healthcare authorizations and high-value banking operations — governments and enterprises are working to create identity management models where baseline identities can be more highly assured, with stronger identity credentials that are better protected from tampering and forgery.

On the commercial side, identity systems continue to proliferate, forcing individuals to become their own identity administrators, juggling a mixture of self-created and third-party issued identities for every service they interact with, and balancing the trade-offs between privacy and reputation that come with increased disclosure.

Going forward, the challenge lies in developing a common set of identity policies, processes, best practices and technology, as well as multipurpose identity systems that can be used across service providers. These systems should be able to accommodate complex identity relationships while providing a simplified way to address common identity processes and functions, including enrollment and proofing, credential management and identity usage. At the same time, the identity systems should respect the corresponding conventions and limitations of societal and cultural boundaries, including privacy, reputation and individual rights.

“Our identities are under attack from all sides, with identity theft claiming a new victim about every 2 seconds.”
— Facts and Statistics, Identity Theft Resource Center, April 30, 2007

Looking ahead

Building on IBM’s industry-leading Tivoli Identity and Access Management family of products, as well as the Tivoli zSecure suite and IBM Resource Access Control Facility (RACF®), IBM is finding solid and sustainable solutions to present and future challenges.[2] IBM is working with open standards organizations to make identity management simpler for individuals. IBM is a major contributor to the Eclipse project Higgins, which defines a user-centric “identity metasystem” to give individuals more control over their credentials and personal information. IBM is also a supporter of the OpenID initiative, an open-standard, third-party credential provider that enables individuals to use a single credential across multiple online services. Both of these systems are supported in IBM Tivoli Federated Identity Manager.

The IBM Trusted Identity initiative tackles the weak links and end-to-end integration problems in current trusted identity systems, ranging from the identity proofing stage — where a large percentage of identity fraud and theft has its roots — to the usage of trusted identities in online and offline scenarios. The trusted identity showcase — a focal point for state-of-the-art identity management technology — offers demonstrations and executive briefings on improving identity proofing using IBM Global Name Recognition and IBM Relationship Resolution technologies.
  • 10. Trend 5: Information Security

Today, an ever-expanding volume of information continually and freely circulates across and beyond enterprises, governments and social networks, aided through the proliferation of open, collaborative environments, Web 2.0 mashup technologies and intelligent data streams. A boon to online communities, the information explosion has nevertheless created a nightmare for organizations with the proliferation of databases and corresponding increase in data leakage that raises the potential for data breaches and the chance of inappropriate disclosure or use of intellectual capital.

Already a boardroom issue, organizations can expect a continued push to minimize the risks of data breaches. As a result, there should be a new focus on privacy management tools with the capability to mask data, particularly in nonproduction environments such as application development where protection of data continues to be less stringent. This focus can reinforce the need for cryptography, and subsequent demand to simplify the complexity of the key-based algorithms and management of keys throughout the lifecycle.

There is expected to be more internal pressure to link trust in data with decision making. Collectively, security practices — including data steward assignments, data monitoring, policy-based data classification and security requirements records — should provide the metrics that calculate and reflect the security protections for a particular repository. These metrics can be used in formulating “trust indexes” that can guide decisions about the use of a data repository — a repository with a high trust index association can be used for high-risk decisions; conversely, a repository with a low trust index association should be used only for low-risk activities.

According to the Privacy Rights Clearinghouse, over 226 million records containing sensitive personal information have been involved in security breaches since they started counting in 2005.[3]

Looking ahead

IBM is a leader in hardware-based encryption management, offering a line of encrypting tape drives such as the TS1120 and TS1130, and full disk encryption capabilities in the IBM System Storage™ DS8000 Series family of disk systems, including file system-level encryption capabilities for IBM DB2® servers. IBM also offers an enterprise-scale key management infrastructure through IBM Tivoli Key Lifecycle Manager and lifecycle management tools to help organizations efficiently deploy, back up, restore and delete keys and certificates in a secure and consistent fashion.

DB2 and IBM Informix® offer access control features including a sophisticated Label Based Access Control (LBAC) mechanism that allows administrators to control read and write access of a user at the table, column and row levels. DB2 and Informix also support single sign-on through Kerberos integration.

As part of an integrated data management approach, the IBM Optim™ Data Privacy Solution provides policy-based deidentification and masking capabilities to protect confidential data, while the IBM Optim Data Growth Solution helps enforce secure access to archived data based on established data governance policies.

These data protection capabilities provide a trustworthy foundation to use enterprise information assets for business optimization in a way that reflects the value of information and protects individuals’ privacy. The IBM InfoSphere™ and IBM Cognos product families build on the security foundations to ensure that information is accurate, complete, in context and actionable.
  • 11. Trend 6: Predictable Security of Applications

In 2008, a new type of threat known as SEO code injection or poisoning impacted around 1.2 million Web sites, including some very high-profile sites. As the dust settled from this exceptionally destructive threat, it became clear that applications had become ground zero for hacker attacks.

Part of their vulnerability lies in the evolution from monolithic applications to composite applications, both in SOA–style process choreography and through Web 2.0–style widgets and mashups. These composite applications can include application code from a wide variety of sources in a true mix-and-match fashion. Though it has tremendously improved programmer efficiency and enabled many nonprogrammers to compose sophisticated applications with little training, it can leave applications vulnerable.

Perhaps the most challenging aspect of composable applications is the inability to fully understand the composition, and therefore the security posture, of the application until it is deployed. Only then — when it’s too late — are all the contributing elements exposed, including malware and vulnerabilities.

This challenge is causing the embedding of security development expertise into the tools and development platforms, to perform security checks at each stage of development and to combine the component scanning into a composite analysis. Organizations should also be ready to track the provenance of deployed software artifacts to ensure the integrity of mission-critical applications. Because malware can be introduced at virtually any stage of the lifecycle, organizations should be able to establish and track a chain of custody as software moves throughout the lifecycle.

Looking ahead

A longtime contributor of best practices for secure software development, the IBM Rational® Software Delivery Platform — including IBM Rational Team Concert, IBM Rational Asset Manager and the IBM Rational AppScan® family of Web application security solutions — offers features for managing the chain of custody of software artifacts throughout the application lifecycle and can enforce security testing as part of the software development process.

The IBM Tivoli Access Management family of products and WebSphere DataPower SOA Appliances protect applications from unauthorized access and malicious messages.

Correspondingly, at the data level the IBM Optim Data Privacy Solution can integrate with IBM Rational Data Architect to create privacy specifications that can be used across test databases.

The Rational AppScan family of offerings combines application scanning and security checks throughout the phases of the software development lifecycle into a composite analysis of the application security profile on an enterprise scale.
  • 12. Trend 7: Protecting the Evolving Network

The need to accommodate bandwidth-intensive applications such as VoIP, streaming video and online gaming has become a race to meet growing demands for speed and bandwidth. With speeds now reaching 10G and beyond and traffic loads hitting unprecedented levels, service providers have increasingly less visibility and knowledge of the traffic going through their networks. As IT policies force more network encryption and virtualization creates new networks inside the server infrastructure, visibility is expected to become even more opaque.

As a consequence, network security should become more elusive, even as new types of attacks emerge. Virtualized environments create the possibility for guest hosts to launch network-based attacks against other hosts. Other attacks likely will target session initiation protocol (SIP) proxy servers, domain name system (DNS) servers and the upper layers of the open system interconnect (OSI) stack, including attacks on application-specific protocols and schema.

Combating these attacks likely will require more than traditional intrusion prevention systems (IPS) and firewall technologies. Addressing these evolving threat requirements should require a total defense-in-depth strategy based on a highly scalable, collaborating security platform with unified and coordinated network, server and end-point protection technologies.

The total average cost to United States companies is $182 per record compromised, equating to an average price tag of $660,000 per company in expenses.
— Ponemon Institute survey, October 2006

Looking ahead

Built on its RealSecure® family of intrusion detection solutions (IDS) products and its Proventia family of IPS offerings, IBM is working to create a new security-consolidating paradigm of network protection. Backed by the IBM ISS X-Force® research and development team, IBM Proventia Network Intrusion Prevention System GX-series offerings can provide protection for physical, virtual and blade-based appliances. Other IBM offerings deliver new classes of protection, such as Web application protection and data loss prevention (DLP), combined with IPS and other functions, in a single appliance.

Working in collaboration with ISS network protection solutions, IBM is creating extensible in-dwelling security within IBM products. In addition, IBM STG and semiconductor teams are working on security acceleration functions in silicon as part of its PRISM project and working to expand the protection ecosystem by creating a framework to integrate third-party protection solutions with unified management.
  • 13. Trend 8: Securing Mobile Devices

Of all the technologies available, the mobile device represents perhaps the greatest intersection between opportunity and risk. Diverse in design and use, and capable of delivering data, applications and services anytime, anywhere, the mobile device has the potential to change the way governments and enterprises conduct high-value, mission-critical transactions.

While the mobile device offers a compelling case as the new prevalent channel for conducting business and primary means for authentication, much work lies in the area of security. Even as they rapidly supplant the PC, mobile phones are increasingly subject to the same types of security attacks — but even less mature at deflecting them.

In the near future, improvements are needed in two key areas: mobile platform security and telecommunications network protection. With mobile platforms becoming more open, the mobile application development environment, deployment processes and run-time environment should be authorized, secure and free of corruption. And as mobile phones are increasingly vulnerable to malware and other types of attacks, telecommunications service providers should augment their network security by monitoring their network traffic for security threats while maintaining optimal service levels.

There are 3.3 billion mobile phones in the world today, compared with 1.6 billion Visa cards.
— IBM Global Innovation Outlook[4]

Looking ahead

Over the years, IBM has pioneered a range of services, offerings and standards to help organizations unlock the potential of the mobile device in a secure and sustainable manner. To help secure the mobile platform, the IBM Lotus® Expeditor family of products offers a turnkey deployment platform that provides a variety of security services such as authentication and encryption for applications running on the platform. The IBM SecureBlue research project is exploring ways to make the hardware components of mobile devices secure and tamperproof.

In the area of telecommunications network security, the IBM BladeCenter® PN41 provides customizable Deep Packet Inspection (DPI)-based security capabilities that telecommunication networks can use to protect mobile devices from malware and other security threats.
  • 14. Trend 9: Sense-and-Response Physical Security

In the IBM 2008 Global Technology Outlook, we noted the growing demand for low-latency event analysis of physical events for millisecond sense-and-respond reactions. For example, applying RFID stickers to pallets in a supply chain enables IT systems to become aware of the state of the supply chain and raise alerts and take actions as necessary to keep the supply chain running smoothly.

This same sense-and-respond paradigm is now being applied to real-world security. Video analytics enable automated surveillance through object and people recognition, as well as behavioral analysis. In real terms, this allows security officials to program an IT system monitoring a particular camera to detect cars entering a certain area delineated on the screen and staying for longer than 20 minutes without leaving. Or they could perform a metadata-enabled search through an archived video to find a particular type of event such as “a blue sedan crossing this intersection.”

Underlying the trend toward this sense-and-respond technology is the idea of giving IT systems a deeper understanding of the semantics of what they’re observing. This development likely will correspond to the modeling of more sophisticated behavioral activity models used as baselines for observed activity. As the technology matures, look for video analytics to be widely adopted for both smaller environments and larger, more complex investigations.

As more video cameras are deployed across the globe, however, the limitations are becoming apparent. The most obvious drawback is the human element — that is, a camera can monitor a crowd but someone must monitor the camera. At the same time, human watchers can raise potential privacy issues, particularly where personal information can be compromised. The challenge is to enable IT systems to monitor the cameras in ways that protect the privacy of individuals while recognizing situations that require human attention.

Looking ahead

The IBM Smart Surveillance Solution builds on sense-and-response technology, providing multiple decision-integrating sensors and cameras and extending the querying capabilities of standard digital technology. Designed for a number of industries, it allows organizations to sense and respond to trends and activities based on an open architecture framework that can easily scale to accommodate new monitoring technologies or analytical algorithms.
  • 15. Summary

This paper has outlined nine trends that will gain increasing prominence in the next two to five years. Given these trends, it is likely that these next few years have the potential to bring tremendous risk. But they can also usher in a wealth of opportunities. It’s how the risk is managed that should determine how an organization thrives — or fails — in the face of emerging technologies.

While most security vendors focus on and manage one area of risk, IBM’s approach is to strategically manage risk end-to-end across all areas of the organization. This strategy allows organizations to better understand and prioritize risks and vulnerabilities based on their potential to disrupt critical business processes.

Through world-class solutions that address risk across each aspect of your business, IBM can help you build a strong security posture across the organization and position you to reap the rewards of emerging technology trends.

For more information

To learn more about emerging security technology trends, contact your IBM representative or IBM Business Partner, or visit ibm.com
  • 16. © Copyright IBM Corporation 2008

IBM Corporation
Software Group
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
October 2008
All Rights Reserved

IBM, the IBM logo, ibm.com, AppScan, BladeCenter, DataPower, DB2, Global Innovation Outlook, Informix, InfoSphere, Lotus, Optim, Proventia, RACF, Rational, RealSecure, System p, System Storage, System z, Tivoli, WebSphere, X-Force and z/VM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Linux is a trademark of Linus Torvalds in the United States, other countries or both.

Other company, product and service names may be trademarks or service marks of others.

Disclaimer: The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the reader may have to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation.

[1] “The Data Center ‘Implosion Explosion’ … and the Need to Move to a New Enterprise Data Center Model,” www-03.ibm.com/systems/resources/systems_optimizeit_datacenter_pdf_nedc.pdf
[2] IDC Worldwide Identity and Access Management 2008-2012 Forecast and 2007 Vendor Shares, August 2008 (Doc #213650).
[3] http://www.privacyrights.org/
[4] ibm.com/gio

IBW03001-USEN-00