6 security trends to watch in 2010
Technologies and techniques that will emerge to help protect data and identities
- By Patricia Titus
- Dec 23, 2009
Security became a watchword for the nation during the first decade of the new millennium. The events of Sept. 11, 2001, exposed, in a single day, our many vulnerabilities and focused the nation like never before on securing the homeland from threats on many fronts. The quest for security continues as we enter 2010 facing persistent as well as emerging threats and risks, which include increasingly sophisticated and difficult-to-detect cyber attacks and new vulnerabilities and challenges related to the growth of social networking sites and the use of cloud computing environments.
Looking ahead to 2010, we can expect to see six important security trends emerge as government agencies work to protect data and strengthen identification methods in response to increasingly acute security threats:
1. The consumerization challenge
As government agencies begin to embrace consumer technologies such as smart phones to help them achieve their missions, the consumerization of IT will continue to blur the perimeters of the enterprise network. As a result, organizations will begin to shift their focus to data protection as opposed to just traditional network security or infrastructure security. As more employees and consumers in both the public and private sectors use these devices to conduct business online, organizations must look for new ways to protect data beyond simple personal identification numbers and passwords. Consumer devices ― increasingly targeted by malware and spyware ― will increase the demand for more robust and up-to-date security platforms and anti-fraud applications to ensure the protection of mobile online transactions in the public and private sectors.
2. A good offense
Trojan attacks will continue to be a threat and will increase in sophistication. As such, government agencies will need to take an offensive stance to better guard their data against increasingly sophisticated and harmful threats. With this in mind, agencies will likely move toward adopting a more comprehensive, integrated view of their IT environments and will seek to better understand the human element behind illegal activities to help them pinpoint, in advance, when, where and how attacks are likely to happen. The movement to behavior detection or predictive analysis currently used in the physical security world will gain momentum in data protection.
3. Cloudy forecast
Government agencies also will begin to reverse the tendency of “protecting everything” and instead prioritize security controls based on whether the data in question presents low, moderate or high levels of risk. Consequently, more government organizations will begin moving less-sensitive data that generally is made available to the public into cloud computing environments to attain cost savings in 2010, and will plan to migrate more sensitive data to the cloud as new security models and solutions emerge to address multitier data protection.
4. Proactive ports
Port security officials will take a more predictive, proactive approach to preventing threats at key ports of entry. Rather than focusing on mere compliance with security standards, ports will actively begin assessing risks, simulating response efforts and creating more robust disaster recovery plans in the coming year. In addition, we can expect to see an increase in U.S. land-based port cargo activity, as Asian shipping lanes divert shipments from the congested sea ports of Los Angeles and Long Beach, Calif., to Canadian and Mexican ports. As a result, pressure will increase to rapidly scan cargo shipments as they cross land borders into the United States.
5. Biometrics on the border
The coming year will see a tipping point in the use of biometric identification tools such as iris, facial or fingerprint scans to verify identity at the border and customs areas in airports. Many governments have invested in an electronic passport infrastructure but have not yet used it. In the coming year, we will likely see an increased rollout of electronic passports, which contain a chip to store biometric data that can be matched to its owner to verify that the person carrying the passport is the owner of the passport.
In a related development, the Homeland Security Department sponsored a project in 2009 that demonstrated the ability to integrate multiple iris recognition technologies on a single platform – eliminating the need for DHS and other organizations to limit iris recognition capabilities to a single vendor. This capability has launched a new frontier for biometrics use in the public sector. With rapidly evolving capabilities and proven interoperability, iris recognition solutions are poised to leap from emerging technology to security mainstay.
6. Taking IT to the streets
Mobile biometric devices will increasingly allow governments to take more biometric-based critical services directly to their citizens, rather than requiring their citizens to come to the technology. Police forces in the United States and United Kingdom have already started using mobile fingerprint scanners to facilitate faster processing. In Australia, police officers can use the device to access the national fingerprint database from the field to scan the criminal database for a match. Such devices will also increasingly aid in the identification of individuals in a disaster situation.
Given the potential harm that can result from new and more dangerous forms of physical and virtual attacks, organizations – particularly in the public sector – can no longer afford to wait until they are attacked to defend themselves. The urgency to act has and will continue to escalate in tandem with threat and risk lists. The good news is that organizations have at their disposal a growing arsenal of emerging and evolving technologies that enable them to more closely monitor behaviors, developments and identities to better predict and prevent attacks before they happen.
Patricia Titus is vice president and global chief information security officer at Unisys.