SINGAPORE--Cloud and mobility are upcoming trends that will drive the business environment and, hence, influence the security landscape, note Symantec execs, who also advise organizations to step up measures to protect their employees and infrastructure from emerging threats.
At the Symantec Vision 2011 conference here Friday, Enrique Salem, the security vendor's president and CEO, reiterated that the significance of cloud computing, mobility and virtualization in driving IT transformation.
"These connections are creating greater opportunities and greater points of risk to our intellectual property, financial integrity, corporate reputation, control of our individual and corporate identities, privacy and even national infrastructures," Salem explained.
He noted that cloud computing, like utility computing, is not a "passing fad" and will reflect the biggest change in IT. As the cloud platform is increasingly used for storage management, backup recovery, user verification, monitoring and compliance, it is set transform the way people think about IT organizations, he added.
Yet, organizations are hesitant to move to the cloud because of security, he said, pointing to the Symantec 2011 State of Cloud Survey which revealed that Asia-Pacific organizations were conflicted about security in the cloud. While 84 percent were confident that moving to the cloud would not impact but would actually improve their security, ensuring security in cloud environments was a top concern of these organizations.
The consumerization of IT further affects security as consumers increasingly are bringing their personal devices into the workplace, Salem said, adding that IT is getting more pressure to enable new devices and this demand "will not be slowing down".
At a panel discussion, Art Gilliland, senior vice president of Symantec's information security group, also noted that mobility and cloud could introduce both productivity gains and tensions for CIOs.
"Cloud and these mobile devices are coming and we can only hold back for so long, so we should instead put our arms around them and start to implement controls when we can," Gilliland said.
He advised organizations to focus on information control, watch what data goes into the device, focus on gaining control and make sure they know who accesses the device.
Protect people and infrastructure
Gilliland also warned that security adversaries have special skillsets to obtain information and generate profits from the black market, including knowing their targets, being able to gain access and create a map, taking control of the asset before stealing and destroying an asset.
He added that proponents in the black market include hackers, government-funded nation states, insider threats, cybercriminals and hacktivists. Organizations need to protect themselves against these adversaries and create a strong infrastructure, he said.
According to Gilliland, companies must think about two key things. First, they must consider whether their infrastructure is secure to ensure their data is secured and there is better visibility across inventory.
Second, organizations must know where their information "lives" and put in extra protection, he said. However, he noted that companies will face challenges where they do not know where all their information reside and what sensitive information is left around the organization.
As a start in protecting their infrastructure, since people are the biggest risks to enterprise security, it is important to ensure employees understand the security landscape, Gilliand advised. He added that organizations must invest in educating their staff and make them "security smart".
Additionally, to facilitate better communication about security within the organization, businesses must document and understand the risks and ensure this common set of "rules" is shared among all employees, he said.