The present and future of IT security

Security, like the rest of the IT industry, changes fast. Techniques that businesses have previously used, such as 'defending the perimeter', are now rapidly becoming redundant as remote working and the use of mobile devices become a major part of day-to-day working life.

Analysts at Gartner continually look at security in IT and are very well qualified to give an unbiased view of what will come in the future, especially when it comes to security and the business working side by side.

Ahead of this year's IT Security Summit held in London, IT PRO interviewed Research Vice President Jay Heiser, who had 22 years' experience in the IT industry before moving to Gartner four years ago.

Businesses causing their own trouble

Heiser said that he felt it was the nature of business to make its own vulnerabilities. "The threat environment is outside of our control," he said. "In terms of digital theft, the criminal threat is becoming more significant."

Generally, businesses were becoming more complex and distributed, giving criminals more opportunity to make money. He stressed that complexity was by no means a bad thing, but there had to be balance when it came to these growth issues and the needs of security. "The profession of those people who stop things from happening to computers [in the security industry] puts a premium on vision, which is about looking down the road and anticipating the potential impact of the things businesses need to have," he said.

Gartner particularly emphasises the alignment between IT risk management and business, which Heiser said have traditionally not been areas well understood by IT security professionals. "Traditional security people have always said 'this is bad, you would be an idiot to do this'," Heiser claimed. "They seemed to be certain in their own minds, despite not understanding where the money came from."

He said that in an ideal world, the world of security needed to align with business without losing the basic expertise. "That's key, because these are arcane things [the expertise], and people who are really good at this are in most part people who do not care about business," Heiser added.

"The leadership trick is to make use of these people who have special skills but don't see the big picture."

Bringing the web into the picture

In the last year, one of the big things Gartner was seeing was the consumerisation of technology as well as the rise of Web 2.0. While it has been around for quite some time, businesses are still trying to get a handle on it. Heiser described how Web 2.0 leveraged existing vulnerabilities of minor significance, which were then 'mashed up' with other capabilities to create new, repurposed vulnerabilities.

Businesses could now buy applications and hardware, and integrate with partners, without getting IT involved, such as through the use of Software as a Service, with the security ramifications still not yet appreciated.

Mobile working and virtualisation boost security?

The analyst went on to say that remote working and the increased use of smartphones were a two-edged sword when it came to IT security. Of course they had the potential to increase risk, but Heiser said that new technologies could also keep information safer, as they would involve accessing data remotely rather than having to carry it around, such as with laptops.