If 2012 is any indication of things to come, 2013 will be the year that IT organizations start implementing significantly more comprehensive approaches to managing security. According to Steve Robinson, vice president of worldwide development for strategy and product management within the newly formed IBM security systems division, roughly half the customers that IBM deals with have appointed a head of IT security in the last year.
Most of those appointments have been within the IT organization. But Robinson says a fair number of those people may also report into chief risk officers, the legal department and, in some rarer cases, the CEO. Their existence, says Robinson, is testimony to just how tough a year 2012 was in terms of securing the enterprise.
Rather than focusing all their efforts on perimeter security for 2013, IBM is predicting that we’ll see a number of strategic security initiatives, including:
- Cloud security will go from “mystery and hype” to become a more routine activity.
- By the end of 2014, mobile devices will be more secure than laptops are today.
- Compliance initiatives will be more tightly coupled to security.
- The amount of data that will be collected to deal with advanced threats will increase.
- Data scientists with security expertise will be in high demand.
- Sharing of security data between government and the private sector will increase.
- Aggressive mining of “social dark channels” to identify potential targets will increase.
Perhaps the most surprising of those predictions is the level of security that will be found on mobile computing devices. Unlike previous generations of client devices, security concerns relating to mobile computing, especially in the context of transactions, will result in these devices becoming more secure than the average PC within the next two years.
The degree to which organizations will pursue these various initiatives, says Robinson, will be governed by their tolerance for risk. IBM is betting that as security as a whole becomes more complex to manage, IT organizations will decide to rely more on managed services provided via the cloud by providers such as IBM, which is one reason IBM is investing heavily in security intelligence software.
Whatever the eventual outcome, it’s pretty clear that IT organizations will need to significantly up their security game in 2013, if for no other reason than that multiple types of purveyors of malware already have.