sábado, 22 de septiembre de 2012

Security Predictions 2013-2014: Emerging Trends in IT and Security

Jun 20th, 2012
Instructors at SANS Security West 2012

This is an effort to chronicle what a number of really smart people believe the state of the information security industry to be, and where we are going. A lot of the emphasis is on security threats, but we also consider what is working and what good practice is. We hope you will be able to use this in your strategic planning and also as input for your security architecture.

Some "predictive" input from SANS Security West 2012 instructors on emerging security trends:

Fear and Loathing in Information Security: What we are doing is not working. We need to review what we are doing and why. We need to re-evaluate everything, from passwords to pentests to firewalls to DLP.We have to stop doing the same thing over and over again. We have to stop being insane. My prediction? Companies will start looking for alternative security technologies to augment or outright replace many of the technologies that have failed time and time again.
- John Strand

I expect to see a sharp increase in attacks against end-users and administrators who are accessing and controlling cloud-based services (both public and private clouds). Much of the focus is on the security of the cloud itself but very often the end-users are left to their own while connecting from less secure public networks. Administrators in particular will be targeted as they hold the keys to the cloud-based kingdom.
- Bryce Galbraith

No profession has ever achieved status and creditability prior to developing effective metrics showing cause and effect, providing reliable prognostication and delivering the information needed by various parts of an organization to make informed decisions. Information security is no different. While practitioners frequently lament the profession’s lack of standing with business executives, we continue to fail to provide credible answers to essential questions and reliable evidence for the value of our craft. Most of us only provide management with obscure technical measures that do little to provide needed answers, actionable information or comfort, let alone assurance. But relentless pressure to cut costs, to increase both effectiveness and efficiency and do more with less will increasingly drive development and deployment of better metrics in the coming years.
- Krag Brotby


No hay comentarios: