Against the backdrop of the economic downturn in 2008/2009, security spending did not drop; as a matter of fact, it had increased on the average. In a downturn, CIOs are even more concerned about security and therefore spending has held, with a small subset increasing their budgets. Going forward in 2010, I would anticipate security spending to continue to be strong in Singapore and the rest of Southeast Asia – and more targeted to address the security risks that come with the deployment of new technologies within the enterprise.
1. Security for the cloud and virtualized environments
Virtualization is being adopted widely and swiftly by IT organizations worldwide and enthusiasm for cloud computing has as much to do with economics as technology. Growth in the number of applications and the volume of data that must be managed have made data centers a major item of corporate expense. Public cloud computing is therefore a way to dramatically save costs in managing information in the enterprise. At the same time, enterprises are using the same concepts and technologies to build private clouds to capitalize on centralized, commoditized IT services that meet their security needs.
According to an IDG research commissioned by RSA in April this year, it was found that 73% of top IT security decision makers surveyed across the globe reported increased usage of virtualization technology, personal consumer mobile devices and social networking platforms at their companies. Also, just under one-third (31 percent) of the respondents’ companies are already leveraging the cloud, while 16% have plans to migrate applications and processes in the following 12 months. Among these respondents, a significant two-thirds (66 percent) do not yet have a security strategy in place.
I am anticipating remarkable changes in this area in 2010; as companies work toward both public and private cloud (as well as a combination of both termed as ‘hybrid cloud’) deployments, they will be conscious of following core security principles to assure users and customers of a secure cloud computing infrastructure. Organizations cannot and will not ignore the importance of doing so.
As a basic guideline for the adoption of cloud computing and virtualization technologies, CIOs should carefully consider the following three steps. The first would involve identification of information assets such as data, services and infrastructure. Next, CIOs should identify all possible threats and vulnerabilities against those assets. The third and final step is to value these assets by introducing a suitable metric, which could be as simple as classifying these as low, medium and high risks.
In general, we can expect more and more organizations taking a slow and steady approach in leveraging cloud computing and virtualization in 2010. Less critical applications will be migrated to the cloud, and more sensitive company information will continue to reside in local servers. Authentication will also be an imperative measure to ensure that information in the cloud or a virtualized environment does not land in the hands of non-authorized users or fraudsters.