Trends in IT Security
With all of the major data breaches in the past year, security is certainly one of the hottest topics in the IT industry today. Gartner recently held their annual Security and Risk Management Summit, identifying the 2014 Top 10 Technologies for Information Security. As the number of cyber threats and data breaches continue to increase, organizations are being forced to shift their security strategies and re-allocate their resources to combat attacks. According to Neil MacDonald, Gartner Vice President and Fellow, “Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable business opportunities and manage risk.” Here’s a look closer at the Top 3 technologies identified by Gartner:
Cloud Access Security Brokers (CASBs). CASBs are on premise or cloud-based software that acts as a control point to secure Cloud services. Gartner estimates 25% of enterprises will use a CASB platform to secure access to cloud-based services by 2016, up from less than 1% in 2012. Why the increase? Companies are using more and more Cloud-based solutions to manage their business. Although the Cloud solution provider is responsible for managing their own infrastructure, IT is still responsible for ensuring that the company meets security and compliance requirements. CASBs fill the gap by implementing security controls for outside Cloud services.
Adaptive Access Control. Aimed at improving mobile security, Gartner describes adaptive access control as “a form of context-aware access control that acts to balance the level of trust against risk at the moment of access using some combination of trust elevation and other dynamic risk mitigation techniques.” Essentially, adaptive access control uses contextual information such as previous behavior, location and other factors to validate a user’s identity. If a user performs an action outside of their normal behavior, adaptive access control will prompt the user to verity their identity by either entering a password or answering a security question.
Pervasive Sandboxing and IOC Confirmation. Also known as content detonation, pervasive sandboxing takes a defensive approach to intrusions by destroying or ‘detonating’ content on VMs if a breach or security incident has been detected. By destroying the data, sandboxing reduces the amount of time a hacker has the ability to manipulate or extract your information assets. Pervasive sandboxing is typically an add-on to an existing security platform, not a stand-alone product.
Click here to see the rest of Gartner’s Top 10 Technologies for Information Security.