|
The
arrival of new waves of technology over
the next five years will render existing
information security measures obsolete
and increase security risks in both
new and legacy environments, industry
experts have warned.
According
to Gartner, information security will
remain a major executive concern for
the "foreseeable future".
Victor
Wheatman, managing VP security at Gartner
explained: "Whenever new technology
is introduced or business fundamentals
change, management's focus in terms
of funding and resource allocation shifts
from the old to the new, creating a
security gap.
"In
this way, each new wave of technology
obliterates the security architecture
appropriate to its predecessor, opening
the enterprise up to an ever increasing
raft of security risks."
Wheatman
explained how, in recent years, fast-moving
technology developments have left the
security environment playing catch up. "In the same way that PCs broke
the host-centric security model, networked
PCs eroded the gains that had been won
in securing individual desktops. Then
we saw how distributed applications
running across LANs reset security maturity
to zero, while the inclusion of external
networks as a part of the topology reset
client/server security."
Gartner
warned that, recently, wireless networking
devices have tended to ship with security
defaults off and are often installed
outside the view of corporate IT organisation.
A
growing threat from evolving web services
that can allow data to bypass firewalls
and introduce yet another set of security
issues was also identified.
In
addition to the constant cycles of technology
change that has kept IT security managers
working overtime in recent years, the
analyst firm pointed to the cyber threats
that will ensure information security
threats
remain constant over the next few years.
Wheatman
said organisations need to evaluate
the changing threat landscape in the
context of their specific defensive
requirements.
"Perfect
security is impossible, but continual
scanning for new vulnerabilities and
monitoring for new threats are critical
and a much better investment than to
passively sit back and wait to detect
attacks. In security, the best defence
is a good offence, and the more offensive
you can be, the more secure you will
be," Wheatman added.
By
Robert Jacques, SC Magazine, www.infosecnews.com
Source:
Gartner Inc., www.gartner.com
|
