Avecto has issued a list of five security trends it forecasts for the next twelve months: BYOD will continue to cause sleepless nights, Apple will lose market share, there’ll be a sprinkling of Windows 8 migrations, Cloud will take shape and privileged accounts will be consigned to history. Organisations could be in for a bumpy ride!
Trend 1: Bring Your Own Devices
For many years the trend of employees using personal devices for business tasks has increased and, with the anticipation that these gadgets will lie concealed in pretty paper under many an executive’s Christmas Tree this year, this proliferation could explode. That said, their use will continue to be limited to performing a handful of tasks - such as sending and receiving emails, and perhaps accessing secured desktops through terminal services and virtual desktop interfaces. The expectation is that most users will continue to perform their primary work on traditional corporate owned laptops, desktops and tablets meaning BYOD will be confined to secondary devices such as phones or tablets.
Mark Austin, CTO and cofounder of Avecto believes, “Security concerns will continue to hamper BYOD so I don’t think we will realise its full potential just yet. That said, people will bring these volatile devices with them so organisations must remain vigilant if their systems are not to be exposed to unnecessary risks. My advice would be to make sure the workforce knows the risks of using these devices, that as an organisation you have policies in place to control their use.”
Trend 2: The March of Microsoft Tablets and Ultrabooks
At the end of 2012 Apple’s share price took a battering as evidence mounted that it is slipping behind on all its gadget fronts. This downward trend will continue as iPads and Macs retreat from the enterprise, in favour of corporate friendly Microsoft tablets and ultrabooks. These technological advancements are likely to fuel the drive of users replacing ‘out dated’ laptops with tablets or hybrid devices running Windows 8 OS. Austin adds, “I would expect these devices to be predominantly corporate owned, and may even suppress the BYOD phenomenon. One reason is this type of device, while still relatively expensive, can be secured and managed like traditional laptops, a key consideration against the backdrop of increasing targeted attacks. Organisations will need to think, but importantly be able to act, to ensure these endpoints remain secure.”
Trend 3: And then there’s Windows 8
With many organisations recently migrated to Windows 7, it’s unlikely that companies will look to roll out Windows 8 in scale. Instead it will appear in pockets, largely driven by the introduction of new tablets, ultrabooks and hybrid devices, as mentioned above. For that reason many organisations will not only face the challenge of having a mix of corporate devices, but also running two operating systems. Austin advises, “I’d suggest deploying Intel tablets, from a security perspective, as they can be secured like traditional devices. Organisations will need to consider not only what devices to allow, but also what applications the workforce can utilise. This can be done through the use of whitelists, and assigning privileges, to only approved apps.”
Trend 4: Vapour Trails or Cloud
Similarly to BYOD, Cloud is another trend that has been lingering for a while causing complications for organisations. The reality is there are still only a small number of true cloud companies operating. Austin’s thinking is that “Cloud will continue to gain momentum, but it will be ‘true’ cloud and not the vapour created by cloud wannabes. However, its use raises the thorny issue of data loss prevention, especially with all the cloud based storage providers. Corporates must find ways to classify what is corporate versus personal data, and afford it the correct protection wherever it resides. For example, corporate data should only be readable from an authorised device. The challenge is, to classify data correctly, the user has to be included in the decision-making process.
Trend 5: Goodbye Privilege Accounts
For many years, organisations have struggled with the proliferation of admin accounts within the environment. However, the risk posed as a result has risen to the forefront with malware able to abuse this elevated status. Many organisations still have users logging on with admin rights, as they require these rights to perform their role. However, the reality is even a true administrator can log in as a standard user, and keep the environment fully functional and secure, with the use of privilege management. Austin explains, “Users should not be logging on with admin rights to perform their day to day activities. The only way to secure the endpoint today is to take a proactive stance and reduce the number of privileged accounts. Only then can you mitigate many of the threats that target the enterprise.”