IT security must start from data

Data-centric approach for security needed in light of increasing targeted attacks, cloud expansion and IT consumerization, says Trend Micro.

SINGAPORE--The increasing amount of data has given rise to more targeted attacks, and alongside the expansion of cloud and consumerization of IT, security must now take a data-centric approach.

Data security is also especially relevant in Asia-Pacific where adoption of technology is swift and "aggressive", according to Trend Micro executives who were speaking at a press briefing here Tuesday.

The amount of digital data is growing quickly and network perimeters are expanding to support infrastructure-as-a-service, mobile users, remote offices and software-as-a-service, said Dave Asprey, vice president of Trend Micro's cloud security.

He cited an EMC-commissioned study conducted by research firm IDC which found that by 2020, data would grow by 50 times and IT departments must administer 10 times the number of physical and virtual servers.

Asprey further noted that the escalation of targeted attacks associated with data breaches against companies such as RSA and International Monetary Fund, had risen at a rapid pace. Cybercriminals have evolved from "script kiddies" who simply vandalized Web sites and committed cyber crimes for fun, to become "specialist cybercriminals" who organize planned, targeted and specific attacks that are difficult to track, he explained.

Data have "concentrations" of wealth, information and core systems within them, he noted, adding that targeted attacks usually involved stealing passwords, credit card information and other forms of important data.

"Hence, unique security challenges stem from data [itself]," Asprey said. "Data will be what cybercriminals target."

Follow, protect data as it moves
In addition, cloud computing have revolutionized the way businesses and people use and share growing amounts of data because with cloud services, data is not tied to one server or multiple servers. Instead, it can now be accessed from multiple devices simultaneously, he said.

In order to better protect data, security tools must evolve toward an integrated, adaptable approach that follows the data from physical to virtual cloud environments, he explained. He added that following and protecting that data have shifted focus from the defense of a fixed perimeter to smart, context-aware protection that travels with data.

The growth of IT consumerization and use of unsecured personal mobile devices at the workplace also mean that companies are now exposed to increasing risk, he said.

In light of the changing security landscape, marked by data breaches and new challenges from mobile devices and cloud, Trend Micro's new strategic direction now focuses on a data-centric security framework, Asprey said.

With a data-centric approach, enterprises can regain control of the data, quickly identify attacks, effectively manage the threat lifecycle, mitigate infections and attacks and secure their cloud journey, he explained.

He noted that growing adoption of cloud in the Asia-Pacific region makes the employment of data-centric approach here more pertinent than ever.

While the U.S. and U.K markets are more mature in terms of cloud deployment, Asia-Pacific is a "higher-performing" market when it comes to adoption of the technology, he explained. He noted that the growth of mobile phones in this region is already greater than that in U.S. and U.K.

Although Asia-Pacific has a "short lag" when it comes to the uptake of cloud, it has always demonstrated "speed and aggressiveness" with regard to technology adoption, Asprey noted. The region will hence be able to "catch up" with cloud uptake, and data security protection will be more necessary than ever, he said.

Additionally, the proliferation of mobile devices and IT consumerization have introduced more points of entry for cybercriminals to attack, he added.

Ken Low, Trend Micro's director of enterprise security and risk management, Asia-Pacific marketing and business development, noted a rise in more sophisticated threats in this region, citing a Google Android threat which could open a hole or backdoor entry" on phones when downloaded by users.

"These factors are why data-centric approaches are necessary, especially in this region," Low said.