The present and future of IT security

Mobile working and virtualisation could boost security - this and other insights on the past, present and future of IT security from Gartner research vice president Jay Heiser.

Security, like the rest of the IT industry, changes fast. Techniques that businesses have previously used such as defending the perimeter' are now becoming rapidly redundant as remote working and the use of mobile devices become a major part of day to day working life.

Analysts at Gartner continually look at security in IT and are very well-qualified to give an unbiased view of what will come in the future, especially when it comes to security and the business working side by side.

Ahead of this year's IT Security Summit held in London, IT PRO interviewed Research Vice President Jay Heiser, who has 22 years experience in the IT industry before moving to Gartner four years ago.

Businesses causing their own trouble

Advertisement - Article continues below
Advertisement - Article continues below

Heiser said that he felt it was the nature of business to make its own vulnerabilities. "The threat environment is outside of our control," he said. "In terms of digital theft, the criminal threat is becoming more significant."

Generally, businesses were becoming more complex and distributed, giving criminals more opportunity to make money. He stressed that complexity was by no means a bad thing, but there had to be balance when it came to these growth issues and the needs of security. "The profession of those people who stop things from happening to computers [in the security industry] puts a premium on vision, which is about looking down the road and anticipating the potential impact of the things businesses need to have," he said.

Gartner particularly emphasises the alignment between IT risk management and business, which Heiser said has traditionally not been areas well-understood by IT security professionals. "Traditional security people have always said this is bad you would be an idiot to do this'," Heiser claimed. "They seemed to be certain in their own minds, despite not understanding where the money came from."

He said that in an ideal world, the world of security needed to align with business without losing the basic expertise. "That's key, because these are arcane things [the expertise], and people who are really good at this are in most part people who do not care about business," Heiser added.

"The leadership trick is to make use of these people who have special skills but don't see the big picture."

Bringing the web into the picture

Advertisement - Article continues below

In the last year one of the big things Gartner was seeing was consumerisation of technology as well as the rise of Web 2.0. While it has had been around for quite some time, businesses are still trying to get a handle on it. Heiser described how Web 2.0 leveraged existing vulnerabilities of minor significance which were then mashed' up with other capabilities to create new repurposed vulnerabilities.

Businesses could now buy applications, hardware and integrate with partners without getting IT involved, such as the use of Software as a Service, with the security ramifications still not yet appreciated.

Mobile working and virtualisation boost security?

The analyst went on to say that remote working and the increased use of smartphones was a two-edged sword when it came to IT security. Of course it had the potential to increase risk, but Heiser said that new technologies could also keep information safer as it would involve accessing data remotely rather than having to carry it around, such as with laptops.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020