DTX Manchester DTX Manchester
  • About Us
Wednesday, 27 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Where to from here?

by The Gurus
September 1, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

Where to from here?
By Graham Williamson, Senior Analyst, KuppingerCole.

A recent post by John Dunn about what’s hot, and how long is it going to be hot, got me thinking – how does a security guru decide where to place his/her interest and how do you decide in which area to develop expertise? I’ve met many highly experienced security consultants who are stuck at level 3 in the OSI stack and don’t seem to realise that the wave has passed them by, there is no network perimeter anymore and the demand for expertise in configuring firewalls has, at best, plateaued. But rather than bemoaning our lot in life let’s look at the future, it’s remarkably bright.
It seems there are two broad directions in developing expertise that our clients will find attractive: in the networking space Software Defined Networking (SDN) is the direction, but there’s possibly more fun to be had at the application level with Information Rights Management (IRM).
There is no doubt that SDN and its cousin NFV (Network-Function Virtualisation) has changed the way in which organisations deploy and manage networks. Most network suppliers now offer virtualised network infrastructure that lets you forget where your applications and data are stored and magically operate anywhere in the world with your network supplier managing things in the background. Cisco has coined the phrase “fog computing” to indicate that we should no longer think in terms of data centers, the location of our applications and data is meaningless. I saw an interesting presentation from DELL that showed a user in the US climbing on an airplane, travelling to China and logging onto his application, with the network supplier managing the application deployment over the network in the background. While the presentation raised more questions than it answered the overall message was clear – access to applications and protected resources is no longer managed by AD groups – it’s a lot more interesting than that and the network guru who can explain what it means to their clients is a valuable resource.
At the application level things are equally exciting. Thanks to the Sony Enterprises debacle clients are running, not walking, to embrace secure information sharing technology. If you think about it – that’s the only thing that really matters. If we didn’t need to share documents or data we could lock everything down really tightly and have no worries about compromise. But that’s not reality – our staff want to work on cross-functional teams, our sales department wants to give clients access to production reports and our legal department wants to share confidential board meeting minutes with an external auditor. The environment in which we now work is complex but it does not have to be porous.  Companies providing secure document sharing are enjoying record interest. At the core of most applications is Microsoft rights management technology, currently undergoing major development under Azure Rights Management product program. AWS have developed an impressive product in WorkDocs and EMC have retained interest in their recently sold Syncplicity offering.
There are basically three areas to worry about with IRM (Information rights management) – data at rest, data in motion and data in use.
“Data at rest” is typically achieved via encrypted storage. If everyone is sharing a common pool of documents it is not too difficult to encrypt the lot and give the decryption keys to those that need it. But with the predominance of Dropbox, OneDrive and working from home it’s typically a bit more complex.
“Data in motion” is generally achieved with a VPN (Virtual private network) or via TLS (Transport Layer Security) but, if documents are encrypted anyway, this is often not required.
“Data in use” is where it becomes interesting and is a major differentiator when choosing a solution. Many product offerings require a proprietary client to be installed on end-point systems. While this solves a lot of problems for companies with a distributed SOE (Standard Operating Environment) it’s not so easy for BYOD (Bring Your Own Device) environments and mobile devices. Since most millennials don’t want to be tethered to a desk and would be lost with anything bigger than a 6 inch screen we need a solution for phablets. Many suppliers only support view properties on mobile devices but users want to edit and print. Another big differentiator is document classification. There’s not much point in having a good permissions-based document security system unless it’s easy for users to classify their documents. Some vendors provide a policy-based system that automates the classification task to some degree.
So this is another area in which a good consultant can save their clients’ money and aggravation by understanding their needs and planning the solution.
Yes – the future is bright.
 
 
Graham Williamson is Senior Analyst at KuppingerCole and covers the areas of Identity-as-a-Service, Dynamic Authorisation Control and Privacy. He has consulted in the Identity Management sector for 15 years and is the author of the book “Identity Management: A Primer”. Graham holds a bachelor of Applied Science degree from the University of Toronto and an MBA degree from Bond University. He has practical experience in the identity management and access control industry having completed assignments in the academic, government and large corporate industry sectors across three continents.

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Shifu Banking Trojan Changes the Game

Next Post

DDoS attack on NCA highlights need to be prepared, says Barracuda Networks

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Retail giant falls Victim to REvil Ransomware Attack

Retail giant falls Victim to REvil Ransomware Attack

January 27, 2021
an iPad and two generations of iPhone are laid out next to each other, from largest to smallest

iOS 14.4 Released to Fix Three Security Bugs

January 27, 2021
The Hacked and Yet to Be Hacked: SolarWinds Breach Shows Detection is Key to Reducing Risk and Damage

The Hacked and Yet to Be Hacked: SolarWinds Breach Shows Detection is Key to Reducing Risk and Damage

January 27, 2021
Increase in Ransomware Attacks on Healthcare Industry

Increase in Ransomware Attacks on Healthcare Industry

January 26, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept