the next three to five years
Data security has been an issue of huge concern for organizations involved in most domains. Organizations face security threats and vulnerabilities that may be attributed to several factors. This may also be attributed to their increasing use of more devices, applications, communication methods, and customer data. As organizations strive to meet the challenges associated with data security, the security risk in information technology is constantly rising (National Academics Press, 2012). Thus risk-mitigation strategies too need to constantly evolve to face the emerging threats.
According to security experts RSA, the security division of EMC Corporation, a market-changing impact across several product categories pertaining to information security could be evident by 2015. These are expected to include fraud detection, identity management, user authentication and authorization, and risk and compliance systems. The huge data volumes to be handled would also change the landscape of the established security approaches. In the next three to five years, the data analytics tools are expected to evolve further so as to enable automated real-time controls and a broader range of advanced predictive capabilities. Eddie Schwartz, the chief information security officer at RSA, opines that intelligence driven-security models appropriate for big data analytics would be the security mode in the subsequent coming years (Info Security, 2013). Organizations should have a holistic cyber security strategy that is tailored to its specific information security risks and threats.
The European Network and Information Security Agency (ENISA) has identified five major areas in information security that require considerable research to meet its associated security risks in the next three to five years. These are Cloud computing, Real-time detection and diagnosis systems (RTDDS), Future wireless networks, Sensor networks, and Supply chain integrity (ENISA, 2012).
Cloud computing: Several aspects of data protection in the cloud environment pose new challenges. A clear chain of trust need to be established from the client application to the server application which involves new challenges. The trust associated with the hardware-software chain need to be adapted to the cloud environment. The in-depth practices for protecting data require being scaled and adapted to protect cloud services.
Real-time detection and diagnosis systems: RTDDS have several important challenges and issues that require considerable investigation. Diagnosis systems capable of misuse and anomaly detection while also minimizing false alarm need to be developed which is a challenge. Scalable solutions and technologies are required as the interconnection of small embedded devices with limited power make measurements and detection harder. Intrusion detection approaches for wireless communication transmission media also require major research and development.
Future wireless networks: Several secure routing protocols for ad-hoc networks and mobile- networks do not support QoS-aware routing metrics. Also intrusion and misbehavior detection and recovery mechanisms for wired networks are not compatible for mesh networks. Research should focus on these requirements to develop appropriate robust networking mechanisms.
Sensor networks: The Internet needs to evolve so as to be capable of supporting a big number of additional endpoints that are integrated to overlapping sub-networks that have relatively poor capability in processing-power, communication-links, energy, and storage. The negative impact of resilience vulnerabilities need to be addressed while also ensuring that sensor network applications in critical infrastructures are adequately protected.
Supply chain integrity: As almost all aspects of life depend on electronic equipments, the integrity and safety of the supply chain is crucial for the trust and confidence in the infrastructure. For his, new generation technologies for ICT supply chain integrity and new integrity assessment tools are required. New models and mechanisms must be developed to address multiple areas of the ICT supply chain. Such developments must be at an international level, as the ICT supply chain encompasses all those involved in building, configuring, and using the ICT systems, across governments, private sector, and the academia.
Information security personnel therefore need to focus beyond short-term needs, looking into security and privacy issues on the long-term. Harry Greenspun of Deloitte Center for Health Solutions says that we need to look ahead for say three to five or even ten years ahead, determining who would use the information, how and for what purposes would it be used, and accordingly architect and manage the system (McGee, 2013). Information security is a key driver of organizational performance and sustenance. With advancements in technology, information security is increasingly challenged, thereby requiring to be constantly updated. In the days to come, data security would be an increasing priority for organizations given the increasing relevance of data handled. The information security risks in the next three to five years are definitely of considerable consequence to organizations, which require being prepared in meeting the threats effectively. The rapid development of computer technology has no doubt expanded the communications and information markets. This has however come with immense social and economic costs. The very technology that brings benefit through it useful abilities is also vulnerable to harm. However with effective tools, procedures, apt risk-mitigation strategies, and a regular audit of these, organizations can contribute considerably to their information security
References
ENISA (2012) Priorities for research on Current and emerging network technologies. FAQs to priorities to research Heraklion, Greece
Info Security (2013) Big data to drive massive overhaul in security practices in next 24 months. Retrieved on 16th April 2013 from http://www.infosecurity-magazine.com/view/30300/big-data-to-drive-massive-overhaul-in-security-practices-in-next-24-months/
McGee M.K (2013) Evolving security challenges for CIO. Retrieved on 15th April 2013 from
http://www.healthcareinfosecurity.com/interviews/evolving-security-challenges-for-cios-i-1852
The National Academies Press (2012) Risk Mitigation. Retrieved on 16th April 2013 from http://www.nap.edu/openbook.php?record_id=11183&page=41
