ISACA has outlined what it believes will be the key trends organisations will face in 2013. With the financial climate set to remain in ‘crisis mode’ for the foreseeable future, greater collaboration, cheaper infrastructure, information overload and BYOD will remain on the corporate agenda as trends to be addressed if the organisation is to benefit. But it won’t be ‘business as usual’ as EaaS (everything as a service) is set to make an entrance, bringing with it the ‘Internet of Things’.
Ramsés Gallego, international vice president of ISACA, and Security Strategist for Dell/Quest Software explains, “It is fair to say that the present economic climate is depressed, with little sign of a recovery as we enter into another new year. While we continue to live in 'crisis mode' it does not necessarily have to translate into a hindrance to progression. In fact, for the opportunistic it can be the perfect springboard to rise from the ashes. Rather than skulk away and hope to ride out the storm, I advise we look for new ways to reinvent the way we do business; but just make sure we do so securely. Rather than doom and gloom, I think the next 12 months could witness the greatest transformation to the way we work for decades – and I am excited.”
2013 - The year of collaboration
The economic depression has already resulted in greater collaboration between businesses and organisations. In the next 12 months, Gallego believes it will develop to form the basis of 'always-on' collaboration. The explosive combination of cloud, with increased mobility, plus advancements of social media will see many utilising a heady mix of communication channels to remain in touch - instant messaging, email, video-chat, etc. 2013 is the dawn of the post-PC era.
A ‘cloudified’ world
The foundations of cloud have been sunk, and there they will remain, as companies have invested trillions of dollars into it. What will change is its infusion with the fabric of operating systems—meaning increasingly more people and organisations will embrace it. Unfortunately, however, the name does now have negative connotations; so in all probability, time will see it rebranded—be it Air, Vapour or even Breeze. Gallego predicts, as most operating systems have seamless integration with cloud, there will be the advent of ‘Personal Cloud’ before anyone notices.
ISACA’s 2012 IT Risk/Reward Barometer shows that IT professionals remain wary of public clouds; 69 percent believe that the risk of using public clouds outweighs the benefit. Opinions of private clouds are the opposite—the majority (57 percent) believes the benefit outweighs the risk. Other findings include:
* Among people using cloud for mission-critical services, there is a 25-point difference between those who use private (34 percent) versus public (9 percent).
* One of the top three high-risk actions employees can take is using an online file-sharing service, such as Dropbox or Google Docs (67 percent).
* The most effective way to reduce IT risk is to educate employees (36 percent).
For too long, organisations have been collecting information with the result that many are drowning in a sea of data. But that could be about to change. To reverse this trend, organisations will not only require storage, but introduce the right architecture and technology that will allow the digestion of this 'information overload' to analyse and convert it into actionable intelligence.
Enterprise app stores
Combined with bring-your-own-device (BYOD), Gallego predicts companies will need to introduce their own marketplaces. These ‘app stores’ will allow the provision of the workforce and their devices. It will mean central decisions can be made dependant on who the person is, what they are doing, where they are and when they are doing it. When linked with existing identity and access management solutions, it has the potential to deliver a powerful combination.
Continuing on from the previous theme, and its relevance to identity management and access governance, companies will need to revaluate their deployment of RBAC (Role-Based Access Control). Gallego believes the time has come for the introduction of CBAC (Context-Based Access Control) or perhaps ABAC (Attribute-Based Access Control). Access to sensitive information should be permitted dependent on who someone is, combined with when, where and how they are connected.
In a world where ‘business is king’ it would be fair to say that ‘service is queen’. Ramses envisions an era of EaaS. Models like ISACA’S COBIT 5 and ITIL, with cloud and outsourcing will enable this.
Beyond management: Governance.
Segregation of duties is an increasingly complex issue organisations are struggling to comprehend. However, there has to be a differentiation in terms of who does what. Management (execution, tactics, running the environment) needs to be separated from governance (having the vision, evaluating, directing). ISACA'S COBIT 5 will provide a solid foundation for organisations, which is the first framework that establishes the need to separate roles.
The ‘Internet of things’
The world is changing very fast and, while this might be true, Gallego believes epoch of countries, or even vast organisations, to have their own Internet and his belief is this trend will continue. One driver of this trend is believed political , but could also be to introduce protective and preventive measures – a secure Internet, or a place where safety can be assured. What is for certain is that, with more than 200 billion devices connected, the beginning of 'the Internet of things' is just around the corner.
Growing privacy concerns
In the coming year, IT professionals will have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy.
“The protection of private data often referred to as personally identifiable information (PII) is the responsibility of both organizations and individuals,” says Marc Vael CISM, CGEIT, CRISC, international vice president of ISACA. “Organisations need to ensure that PII is managed and protected throughout its life cycle by having a governance strategy and good processes in place. Individuals must think before they provide their PII to a third party, your bank is very different to an offshore gambling website. People need to be aware of the value of the information they are providing and assess if they can trust who they are giving it to. Data protection, involves improving people’s awareness, using best-of-breed technology and deploying sound business processes.”
He continues, “The consumerisation of IT, confidentiality of location-based information, privacy-by-design, and an increase in legislative and regulatory mandates that will drive more privacy audits are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed.”