New research by PAC indicates three structural challenges are making cyber security an ever harder area to manage for the CIO and CISO. According to PAC these challenges are:
1. Expanding threat landscape: The increased complexity, number and sophistication of incoming threats have led to a fragmented, piecemeal infrastructure approach for security provision, which is inefficient, risky and a nightmare to manage.
2. End-point consumerisation, the Internet of Things and M2M explosion: An increase in the number and variety of devices connected to the Internet increases the opportunity of security breaches by orders of magnitude. Most security infrastructures are completely unprepared for the escalation in event numbers and types, especially those created by M2M transactions.
3. Skills shortage: The biggest challenge to many CISOs is the lack of availability of cyber security skills. Despite the professional associations that provide security accreditation, there is still a major shortfall of resource with the right blend of skills and experience to cope with the burgeoning cyber security market demand. Salaries of experienced security analysts are increasing substantially, and staff retention is proving elusive.
“Faced with a growing problem and insufficient resources, not to mention compliance with regulations, many CISOs are concluding that cyber security is now simply too hard,” explains Duncan Brown, Director at PAC in London. “We are trying to solve today’s cyber security challenges with approaches conceived 20 years ago. Something must change.”
PAC believes that there are three scenarios for cyber security that will play out sequentially over the next five years.
1. This year, PAC expects a rapid increase in security services adoption. Currently, services are focused on isolated managed security services, typically patch management and threat monitoring.
“In 2014 there will be a concerted increase in services adoption, including full service outsourcing to specialist security services providers. We are already seeing some security operations centre (SOC) outsourcing, and we expect this to increase in 2014 and beyond,” continues Brown.
The largest growth opportunity is in designing, building and running security operations. Outsourcing to an external organization provides both the required expertise on hand and the scale to make it economically viable to the service provider, and makes it cost-effective and efficient for enterprises.
2. A key response in 2014 and beyond will be the emergence and adoption of integrated and holistic cyber security solutions. One of the greatest inhibitors to manageability and efficiency of security solutions is the plethora of individual point solutions to cope with specific threats. All the key vendors have extensive but fragmented portfolios. From a CISO point of view, managing this complex array of products is a nightmare.
“Key vendors must enable integration between tools and simplify security management,” adds Brown.
“CISOs need a single view of their security estate, and will pay for a supplier that can provide it.”
PAC thinks that both software and services companies may create integration solutions. “Services firms are already building custom solutions to do this, and commercializing this IP is an obvious next step,” says Brown.
3. Context-based data security will be the key driver in the next decade. Data will be secured according to the required privacy, location, risk profile and other attributes. Incoming Data Protection legislation in the EU (and separately in other territories) will drive increased sophistication of data classification, access rights and encryption.
“A new paradigm for security is required,” says Brown. “A physical breach of a system is a means to an end. The end is always data. It is data that needs to be protected against a variety of threats.”
“Context-based data security is important, not only for its functional impact, but also because it gathers together many different technologies and disciplines. Because of this interacting technology and operational scope it will be difficult to deliver quickly. Vendors that can deliver on this vision will lead the next wave of cyber security into the latter half of this decade”, concludes Brown.
More information about PAC’s recent cyber security research under the link below.
You must be logged in to post a comment Login