Cyber attacks against commercial companies are not only rising in frequency but are also becoming increasingly sophisticated. The growing threat has raised the corporate awareness, and many firms have become more receptive to new technologies like cloud and BYOD (bring your own device). As we enter 2013, I see a few trends that will improve overall defensive cyber capabilities.
Clinical data processing is most commonly being conducted in highly virtualized data centers where applications and databases are shared on a single piece of hardware. But the security demilitarized zone (DMZ) is still on a monolithic device that acts as a sentry for all data coming and going. In 2013 you will see the security DMZ fully integrate into the virtual environment.
In this new scenario everything will be virtualized making the system more consistent and better able to handle the next logical step – a total cloud environment.
As data centers become totally virtualized from top to bottom, the progression to a fully scalable cloud environment is inevitable. The benefits gained from fully integrating applications, services, databases and security into a virtual environment break the bonds that constrained data center efficiency and security in the past. With applications no longer tied to a single location by physical assets, why not combine all the memory, disk space and yes, even security controls, into the cloud.
I see 2013 as the year in which cloud computing really becomes an adopted methodology due to the expanded choice and control. From a purely operational perspective, the ability to scale up or down in a virtual data center is very appealing. At the same time, it also has a number of pluses for security. With security controls fully integrated into the cloud environment, single points of failure start to vanish. Rigorous change management procedures across multiple devices in multiple data centers also diminish as the security updates are made in the cloud environment for all users at the same time.
The final area that I see changing in 2013 is the use of BYOD. Mobile devices made significant inroads in 2012, but 2013 may be the breakout year for electronic data capture using these devices. Increasing volumes of data—a virtual gold mine in terms of customer insight—will create challenges around managing, interpreting and securing that information. The biggest threat with BYOD is the loss of the device—either accidentally or through theft. To alleviate that threat, I see a convergence of cloud computing to permit safe and secure storage of the data with the use of BYODs, alongside traditional workstations to actually enter the data. Now a user can enter data virtually anywhere, anytime and that data is essentially being processed at all times.
In summary, 2013 should be the year that virtualization of data collection, storage and processing via BYOD and cloud computing changes the corporate and the information security mindset. Over the past decade, data centers hunkered down and relied on the safety of the hardened site while giving up flexibility and scalability. At the same time, attackers honed their skills against a stationary target. The 2013 mindset should be one where corporations are free to grow and expand their data processing as needed. It will be safe to leave the monolithic data center because the virtual cloud environment is not stationary but a moving target that is harder to compromise.
More on Glenn Watt