- There were numerous high-profile breaches in 2015, such as Sony and VW.
- Breached data events have driven up the importance of enterprise ICT security, with new threats emerging as more companies allow end users to bring their own handhelds and use their own apps.
- There is a growing focus on threat intelligence.
The enterprise segment is evolving towards an ‘open enterprise’ environment, whereby the staff are able to use their own mobile handsets and leverage whichever apps they choose to do business. The ‘bring your own device’ (BYOD) environment opens new chinks for cyber-criminals to try to exploit, which in turn drives the company security officer to seek better methods for securing the integrity of corporate data. The increasing number of security incidents in 2015 is driving demand for security services, with a corresponding jump in allocations of ICT security spend.
Current Analysis has identified that the safest method for securing the new open enterprise environment is to adopt a multi-layered security policy and to make sure rules are adhered to and regular updates are performed. To cope with the lack of internal security capabilities, it makes sense to identify third-party experts that can help with advice, consulting and solution implementation. Service providers also make solid partners for network security, in particular in securing the WAN, thanks to owning the network and having the hands-on experience and capabilities to monitor and protect, including offering clean pipes and DDoS protection, for example. More proactive services are being marketed today that anticipate and defend against intrusions using advanced analytics, rather than following a more traditional reactive model.
The final ICT security evolution to highlight here is the growing availability of virtual and ‘as-a-service’ platforms, such as solutions available from FireEye, Check Point and Fortinet. These are allowing enterprise customers to replace on-premises solutions. Security-as-a-service offerings are more widely available, providing services that leverage virtual appliances in the cloud – either direct through a technology vendor or via an MSSP partnership. As we move into 2016, there is no evidence to suggest that cyber-security threats will wane, and all the areas mentioned above will be key to putting in place a robust security strategy.