EACH year, IT security specialists are faced with a barrage of new and emerging threats.
This year is no different and Unisys’ security consultants have revealed what they predict will be the top challenges in 2005.
They say the year will bring greater liability, growing mobile and cyber threats and an increased focus on identity management.
But the outlook is not all doom and gloom, according to Terry Hartmann, Asia-Pacific head of the Unisys Secure Identification & Biometrics Practice.
Although security will have significant legal, economic and technological business impact in 2005, Hartmann says the forecast highlights the challenges and opportunities organisations will face this year.
Unisys’ predictions are based on research with clients and on the company’s security work in the field, says Hartmann.
Topping the list is a warning that application software breaches will lead to ‘lemon laws’ as customers begin to sue software providers for damage caused by security breaches.
Hartmann says it is a matter of time before a specific vendor’s application or database product is breached as these applications are brought closer to the edge of the internet.
“It is like predicting an earthquake, but a major breach of a particular application is coming closer and closer,” he says.
Lemon laws will be aimed at protecting users against damages caused by such an event and will significantly alter the economic balance of power between the application software provider and the buyer, adds Hartmann.
Secondly, Unisys is concerned trusted networks involving business partners and others will grow as sources of risk.
As organisations include more external parties, such as business partners, suppliers and customers, in their business networks, there is an increased likelihood that IT infrastructures and vital business information will be compromised.
Most organisations expect cyber attacks to come from internal personnel and external hackers, but partners’ or clients’ personnel could have as much motive — if not more — for nefarious activity, warns Hartmann.
Thirdly, Unisys says the mobile realm will continue to grow as a “Petri dish” for security incidents.
This is an especially big issue for organisations in Australia and New Zealand, says Hartmann.
“The continual proliferation of wireless and mobile technology poses problems as protective technologies are not fully developed yet,” he says.
“Wireless LANs are exploding, but many do not have any security in place.”
At the same time, employees are issued with PDAs and smart phones without the security implications of such devices being considered.
“Organisations must approach mobile security from a business perspective rather than one of technology. They need to analyse the potential impact of current and future threats realistically,” says Hartmann.
Next, Hartmann cautions that cyber attack styles will become virulent, with 2005 expected to deliver the first worm or virus with a truly dangerous payload that alters or destroys information at the record level.
“Possibly out of malice, but mostly for economic motives, some attackers will seek a lingering effect versus a one-time catastrophe,” says Hartmann.
The resulting problem will not be fixed by simple means, such as restoration from a previously backed-up version of data. Organisations will spend considerable time and money searching for and replacing what has been altered.
Fifth on the list is a warning that internet desperados will increase organised attacks.
A new cadre of cyber criminals is emerging who often have purely economic motives, do not fear consequences and are willing to launch increasingly destructive attacks, says Hartmann.
Instead of only threatening to cause damage, they will begin to actually wreak havoc if their threats are not met.
The sixth development in 2005 Hartmann highlights is that organisations will turn to proactive defence-in-depth as business needs drive security.
“Faced with accountability for compliance, management has begun to realise that security is 20% technology and 80% process,” he explains.
“Off-the-shelf solutions are no longer adequate.” Outsourcing security management will be seen as a more efficient and cost-effective way to achieve optimal risk management and return on investment, says Hartmann.
Meanwhile, credit reporting agencies will become more involved in managing the consequences of identity theft and will need to help devise user identity validation methods that prevent identity thieves from using stolen details to access information from additional sources.
The eighth trend identified is the acceleration in the adoption of federated architectures for identity and access management, which enables organisations to share each other’s authentication and authorisation services.
While Hartmann says the move to federated architecture has been slower in this region, it will begin to have an impact locally.
According to research conducted by Unisys last October, 37% of US organisations plan to implement federation within the next year.
Finally, Hartmann predicts virtual directory technology will increasingly become a strategic component of identity integration projects.
This technology provides a way to view and aggregate identity information from multiple systems without physically combining the databases and eliminates the need to physically move and integrate data, says Hartmann. Enterprises will fully understand the benefits of virtual directories and make them part of their security strategy in 2005, he adds.
Far from being gloomy, Hartmann says these predictions highlight his assertion that security is, above all, a business issue.
Security resellers and consultants therefore need to understand how new trends could impact on their customers’ business.
“They need to be especially aware that new technology often appears some time ahead of the security to support it.”
Unisys IT experts predict the following to be the top IT security challenges and developments in 2005:
1 Application software breaches will lead to “lemon laws”.
2 Trusted networks involving business partners and others will grow as sources of risk.
3 The mobile realm will continue to grow as a “Petri dish” for security incidents.
4 Cyber attack styles will become virulent.
5 Organised attacks by internet desperados will increase.
6 Enterprises will turn to proactive “defence-in-depth” as business needs drive security.
7 Credit reporting agencies will become more involved in managing the consequences of identity theft.
8 Adoption of federated architectures for identity and access management will accelerate.
9 Virtual directory technology will increasingly become a strategic component of identity integration projects.