
Information Security 2015: A Lookback and a Foresight
All Rights Reserved. Tom OConnor 2015

Currently, information security is becoming more and more critical, not only as a reactive
step when breaches happen but more as a preemptive action that anticipates when and how a
possible attack will wreak havoc in an organization.
According to Gartner, the evidence of this focus is the upward swing of spending.

As organizations worldwide become more and more aware of the risks posed by the lack
of protection against cyber threats, information security spending will continue to
increase, it forecasts.
Gartner, a leading IT research and advisory firm, stated that worldwide IT security
spending reached $71.1 billion in 2014. This year's projection is at $76.9 billion. The
increase of spending from 2013 to 2014 alone comprised a 7.9% jump.
It mentioned the following as main drivers for the increase: "rapid adoption of mobile,
cloud, social and information technologies" and their consequent interactions.

The firm's research director Lawrence Pingree said that as vulnerabilities in present
systems are discovered, so will new ways of improving effectiveness, through "better
understanding" of threats in security with proper context.
"By 2015, approximately 10% of the security controls deployed by organizations will be
cloud-based, particularly when it comes to small and midsize businesses."
"While cloud-based services' competitive pricing puts pressure on the market, the cloud
is also providing new growth opportunities, as some organizations switch from deploying
on-premises products to cloud-based services or cloud-managed products. More than
30% of security controls deployed to the small or midsize business (SMB) segment will
be cloud-based by 2015," Gartner said.
Organizations increasingly realize that they lack the skills to implement security controls
and to operate data protection correctly. This shortage then results in a
growing managed security services offering. This portfolio ranges across
infrastructure, risk management and protection of data.

On the consumer level, the awareness of mobile device users that what they carry
around daily is as vulnerable as their desktop computers to attacks will most likely
change beginning 2017 onwards as technology development emerges from what is
happening currently.
The security spending
From "$20.64 billion in 2011 to $34.46 billion in 2017," this is the projected growth of
the household or consumer security solutions spend according to MarketsandMarkets, a
research firm for home security solutions.
The Asia Pacific region is the market that is seen as the one with the most probable
growth rate.
Gaining momentum in recent years, the security solutions market for consumers relates
well to a spate of crimes committed through the advancement in technology.

With mobility comes portability of home security solutions all the more making access to
security on the user's level more convenient and cost effective.
Still, enterprise spending on security is the biggest slice of the solutions pie. The rate
of growth per segment is the same; taken altogether, Enterprise is outspending
Consumer, given the totality of impact, the scope of scalable users and the cost of a
security breach. See Graph 1.

The security priorities


According to a Frost & Sullivan Global Information Security Workforce Study 2013,
surveyed organizations ranked management support of security policies,
qualified security staff and security policy adherence as the top 3 most important foci.
See Graph 2.

Training of staff and budget allocation follow, while software and hardware solutions sit
at the bottom of the priorities.
Clearly, management of people is at the forefront of information security. As IT is
constantly evolving --- social media, BYOD, cloud computing --- business operations
depend on the users. Security is now a matter of round-the-clock monitoring, and it must be
as dynamic as the hackers and attackers who are just waiting for that small gap
to execute their plans of infiltration. As IT becomes more dynamic and complex, so
should security staff become more adaptable and reliable, with as little downtime as
realistically possible.
In the same study, C level executives and officers are optimistic in terms of their
readiness in security. This echoes the same positive outlook of bigger scale companies
given their confidence in providing enough staff training as opposed to smaller sized
entities.
Banking, Finance and Insurance companies view secured software development as their
more important priority. Similarly, retail and wholesale companies, telcos and media
consider it as part of their priorities as well.

Top 5 Trends
As previously mentioned, it is an irony that the very same
technologies reinventing the workplace and making it more
collaborative and innovative --- cloud computing, mobile technology
and social media --- are as much a nightmare as they are a convenience for
an organization. Given its complexity, security is becoming more of a
moving target than an endgame. Take into account that it is
three-pronged: technology, processes and people. Technology is just one
part of it.

1. Trust issues.
Just as trust is earned, so it is eroded by instances of breach. How safe is
financial information or any personal data?
Data compliance, governance and risk management are all part of a trust system. The IT
department may have imposed sign-offs and clauses, but there's a lot of movement within
the entire population of an organization to ensure nothing falls by the wayside.
This may be achieved by continuous business improvement and relevance, stakeholders'
benefit through services and technology and consistent education of the users in the
business.
That way it makes for a transparent, robust and well communicated initiative instead of a
reactive one.

2. Bring Your Own X.


We've heard of it: bring your own device. Yet more than that, it is actually a set of
personalities being brought over to access the systems. People freely exchange ideas,
opinions and information without even leaving their desks, and with them come a set of
cultures, beliefs and ethics.
Enterprise security faces a persistent threat by the minute through mobile devices'
wireless network use. Information interception is also made possible through loss or theft
of a unit, which brings with it unencrypted office data, be it on internal storage or
external memory.

3. The Trinity.
Now it has come, the trinity of platforms: Social + Mobile + Cloud. According to research
giant IDC, along with Big Data this trinity will grow 90% of the IT market from 2013 till 2020.
As the on demand consumer mindset is steadily driving services focused on information
consumption and transactions, it opens the gates for threats on information security
further.
How?
By being and becoming a consistent movement, transparency, privacy and security are
compromised by making the flux of information very seamless. Regardless of location,
everything happens now for anyone who has a connection.

4. The Fifth Element.


Cyber is the Fifth element next to land, air, sea and space.
Countries have been shown to create battlefields online. Given the value of their
intellectual property, the who and what of enterprises, therein lies their attractiveness to attacks.
According to the Commission on the Theft of American Intellectual Property, intrusion on
products developed in the US amounted to a $300 billion loss for its economy each year.
As attacks become directed, specific and well funded, there is no chance of not getting
into anything.

5. The Human Sigma.


Now comes the people part.
As part of this evolution, people involved in managing security not only need to add several
skill sets overnight but also need to change their thinking from observer to advisor.
Mastery is so short-lived that the urgency to be a subject matter expert is quite
pronounced. The demand has even shifted from learning the skills to becoming adaptive in
attitude as well: having a holistic and strategic view of what may come next instead of
providing tried and tested solutions that have been effective in the past.
As an advisor now rather than an all-around security troubleshooter, one must be able to talk
compliance and governance, analytics of data, metrics and privacy, all taken into one serious
business context.
All taken in, the Trinity of social, mobile and cloud is changing the way the world turns. Thus
the critical need to see this trio as transformative and innovative of the security panorama
rather than a disruption of it.

THANK YOU.
