More IT decision-makers are adopting the hybrid IT model to meet business goals, giving rise to several security trends that will shape 2016.
CenturyLink research revealed that 29 percent of organisations across both sides of the Tasman cite data security concerns as the main barrier to moving IT infrastructure into a managed IT model.
“A hybrid IT solution can be more secure than traditional IT, since the provider works with the customer to design a security strategy that matches the business needs,” says Stuart Mills, regional director, A/NZ, CenturyLink.
Looking ahead, Mills expects these four security trends to shape 2016:
1 - Managing employee risk
Roughly half of all corporate breaches are enabled by internal employees.
Mills believes these most often result from employees not following security policies, either because they don’t know them or mistakenly did something they shouldn’t have, such as clicking on a phishing email URL.
To effectively manage employee risk, Mills says security measures will need to move beyond focusing on technology to realising the importance of educating employees, contractors, and partners.
“Key to this is implementing ongoing training which is reinforced by top leaders,” Mills adds.
“Executives can’t pass the responsibility to HR or IT departments. They must lead the charge themselves in order to be most effective.
“In addition to providing ongoing employee training, organisations should discuss their critical data requirements with their hybrid IT provider. This ensures that, if there is a breach, critical data will be protected.”
Mills recommends having several layers of controls in place, and sound policies, including having a CSO leading these efforts.
2 - Managing shadow IT
For Mills, the use of unauthorised devices and platforms can significantly increase the risk of data breaches, but can also make employees more efficient by giving them quick and easy access to resources.
With more and more purchases being made by lines of business, IT is being managed very differently than it was a few years ago.
“This means IT must embrace new approaches in order to be successful,” Mills adds.
“Organisations should consider provisioning cloud-based business applications for lines of business to take back control of ’shadow IT’.
“For example, letting any employee download the software they need from the organisation’s cloud means they are using legitimate versions of the software without slowing them down, and means that it is done in a way that minimises the security risk to the network.
3 - Increased partner selectivity
Mills believes organisations will be increasingly selective when partnering with IT providers.
As such, 63 percent of respondents rated security as extremely important when it comes to choosing a managed services provider, while 65 percent also cited vendor reputation as important when looking at data centre colocation.
“Companies considering a hybrid IT approach are looking for providers that can deliver a full spectrum of security products and services, and the ability to deliver comprehensive protection inside the company’s offices, in the data centre, and in the cloud,” Mills adds.
4 - Security virtualisation
High-profile hacking incidents have demonstrated that the industry as a whole is struggling to write secure code and promptly rectify security issues.
Mills believes the emerging area of security virtualisation, which combines data visualisation and machine-learning algorithms, can provide predictive analysis to mitigate threats.
“Leveraging hybrid IT and big data technologies, security virtualisation techniques monitor traffic and network patterns to identify suspicious activities and threats,” Mills adds.
“This lets organisations respond with countermeasures that may be better than conventional methods.”