Analytics and the cloud
Data management and analytics capabilities are becoming increasingly important for organizations as they accumulate massive stores of information from a growing number of sources.
"We hope to gain much-improved predictive capability from threat analytics built on access to community and enterprise data," Daly says. "We also anticipate big gains in our privileged user and insider threat monitoring as a result of improved behavioral sensing and analytics."
Expect to see heavier investments in monitoring, alerting and response capabilities that use big-data analytics to significantly shorten response times, says James Beeson, CISO and IT risk leader at commercial finance provider GE Capital Americas. IT security will become "much more behavior-analysis driven," Beeson says.
The leading security organizations "will be the ones that are well informed, that have the ability to look broadly across not just the security technologies they hold, but the business functions, transactions and applications across the organization," Cloutier says.
"Those that look deeply into information [resources] and make sense of it, and leverage big data, analytics, artificial intelligence and machine learning will be the big winners."
Those organizations will be more likely to maintain the integrity of their networks, will have a better understanding of security trends and will be able to make security-related decisions using real-time information, Cloutier says.
Cloud-based services will help companies manage and use big data sets, Cloutier says. Because some cloud service providers will have expertise in areas such as reverse malware engineering, companies that use these services will not need to have these skills internally, he says, which cuts costs. Companies will just need to send malware data to the service provider, which will quickly review the data and send back results.
"The cloud has enabled us as security practitioners to do some innovative things with our resources without growing them," Cloutier says. But while big data, analytics and the cloud will help organizations in their security efforts, they also present new potential security threats on their own, he says. Companies will need to work with vendors to develop effective ways to protect massive stores of data that are housed both on-premise and in the cloud.
Greater focus on data protection
Information security in the future will be much more focused on protecting data than on trying to create protective perimeters around organizations in which information resides on a dizzying array of devices that are frequently in motion, Taule says.
This trend has already begun, Taule says, with companies moving away from the concept of establishing set boundaries to protect themselves. "We're continuing to the point where the only way to get a handle on this is to reassert the boundary, not at the edge of the network" but at the place where the data lives regardless of how it's accessed--whether it's via a desktop computer, laptop, smartphone, tablet, voice over IP phone, IP video camera or any other type of system, he says.
Sign up for MIS Asia eNewsletters.