Security remains one of the most debated and contested topics of the year. Predictions have come, and predictions have gone. Some have come true; others have been faintly amusing in their missing of the point, but up until recently one has been outstanding in its regularity – people are not paying enough attention to security. So, what will come next in 2017? The landscape continues to shift and evolve as new threats and technologies surface, and already new trends have emerged …
A survey undertaken by Spok1 found that 81% of CIOs put security first. Security itself has become the trend. Perceptions have moved from the idea that security is a hyped-up concept introduced by a frenzied media to recognising that it is an essential and vital part of any business strategy. In short, everyone is paying attention to security.
Confidence in systems and security is not as robust as it once was, everyone knows someone who has been hit by a cyber-attack. Organisations are consolidating their security and moving to more robust managed security environments and the South African market has woken up, especially the medium-sized enterprises. They recognise the vulnerabilities in their systems and the importance of investing in solutions which address them.
For many of the smaller businesses the changes in the security landscape are to their benefit. The high-cost, high-infrastructure investments that traditionally accompanied security solutions have changed as the as-a-Service cloud model becomes more ubiquitous. Now, organisations of any size can gain access to the technology they need without the price tag they can’t afford. This is one trend unlikely to change direction over the next 12 months. If anything, it is set for steady growth between now and 2020 according to the Global IT Security-as-a-Service 2016-20202 report which puts it at a CAGR of 19.1%.
The report also emphasised how the market is one of the most promising in its ability to reduce risk through virtualisation and integration, while allowing for the user to still gain access to the tools and mobility they need.
This neatly introduces another predicted trend for 2017 – there will be a shift in the parameters of bring your own device (BYOD) management for the enterprise, moving away from the employee and more towards corporate managed and in-device security. The security risks inherent in BYOD have become increasingly complex as organisations are unable to track apps or data downloaded or accessed on mobile devices.
However, as with all security applications, there is a balancing act between function and safety, the more security invariably means the less functionality. What often happens is that the more an organisation introduces security restrictions, the more these restrictions inhibit the flow of work and its accessibility. It is here where corporate and information risk management will start to become increasingly popular over the next year. It will give organisations the ability to assess the type of data allowed to be accessed or stored on a mobile device. Those organisations which opt to keep BYOD will likely introduce stricter documentation that outlines exactly what users can or cannot do. In addition, the adoption of mobile device management solutions will become a dominant focus in 2017.
Organisations that provide managed services are increasingly becoming trusted advisors, providing the enterprise with the tools and insight they need to match business to IT. It is a significant trend, and one which will gain a foothold in the year to come, especially for those managed services companies which have a clear understanding of business, the value of IT and how these can be blended seamlessly within the framework of security.
Organisations looking to work with trusted managed service providers need to ensure they’re working with a company which understands their priorities. The checklist for the right trusted advisor is simple – they’re open to disruption, there are no excessive upfront fees, they are passionate about the business and they are prepared to do things differently.
Another rising trend is governance, risk and compliance (GRC). It may not be new, but it has never been more relevant or required. The technology is already in place, but now there is a need for greater understanding of its impact, security and the value of data. This ties in with the shift towards mobile device management as organisations recognise the impact of GRC. Regulatory governance and legal frameworks, such as POPI, will continue to plague the corporate mind as organisations look to how they must protect their data, and adhere to regulations. They need to know where the data is, who is accessing it, and how it is managed. Solutions which support organisations in their focus on the impact of GRC will lead the way for 2017.
Overall, the leading trends sit in mobile device management, data control and access, GRC, security software investment and the impact of the cloud. It will be a year that sees the organisation focus its spend on security, paying attention to the threats and using this awareness to build layers of protection which are relevant, robust, and most importantly, flexible and compliant.
By Craig Jones