
Saturday, March 24, 2018

Mega-trends in Enterprise Information Security

The enterprise perimeter has been punctured by multiple technology and business factors, including the advent of mobility and connected devices (BYOD and IoT), the adoption of cloud technologies and solutions (IaaS, PaaS and SaaS), and the proliferation of shadow IT (budgets for technologies managed outside of IT, such as for marketing and digital initiatives). Consequently, enterprise information security mandates and expectations need to be commensurate with these phenomenal changes. This need is fully acknowledged, and the acknowledgement is visible in some key changes in the component domains of information and cyber security.

From a strategic perspective, security governance, risk management and compliance have been the key domains - referred to as GRC. Technology platforms in this space have slowly matured over the last decade plus but have rarely kept pace with the needs of an enterprise to evaluate its specific security risks, assess those risks internally and track deployment of risk mitigation measures. Meanwhile, the GRC space itself has been transformed into something which Gartner calls Integrated Risk Management (IRM). Existing GRC technology platforms are, unsurprisingly, the front runners to fill this space, but we are likely to see a similar lag between what the enterprise asks of IRM and what technology platform providers can offer.

On the operational side, two areas have solidified as critical to enterprise information security - Identity & Access Management (IAM) and Security Operations (SOC).
  • IAM got dissected into several specialization domains such as Identity Provisioning/Deprovisioning, SSO, Identity Governance & Administration, Access Management & Certification, Privileged Identity Management (PIM), etc. We are now seeing a consolidation of all of these domains back into IAM, and there is considerable possibility and appetite to consider outsourcing of the IAM platforms.
  • SOC has been highly outsourced from the beginning through service offerings called Managed Security Services (MSS) provided by MSSPs (MSS providers), based on two core security platforms - one for logging and correlation of security event logs, called Security Information and Event Management (SIEM), and another for tracking leakage of information, called Data Leakage Prevention (DLP). Both platforms have gone through significant metamorphosis over the last decade plus. From pure log collection, to focussed correlation, to a combination of both and the inclusion of behavioural analytics, SIEM has been through quite a bit of transition and evolution. DLP has been a monolithic platform that looks at data traversing a perimeter, whether that of a device or a network, and matches it against criteria that make such data inappropriate to traverse through that perimeter. With the enterprise boundaries vanishing literally into the cloud, we have had to look at managing data within the numerous repositories where it can get created and stored, and at preventing such data from going across trust boundaries from such repositories. The new class of managed service providers in this space are now said to be providing Managed Detection & Response (MDR) Services.

It is worth examining each of the mega-trends above, which I will attempt to do in subsequent blogs.

Meanwhile, we are continuing to witness paradigm shifts in enterprise security, where point solutions for managing specific security capabilities are being replaced by broad-spectrum solutions at scale, often hosted in the cloud. There is likely to be further consolidation in this space, where existing players broaden their scope, large enterprise players traditionally not known for security emerge as key players, and new ones emerge on the horizon, leapfrogging on Artificial Intelligence and Machine Learning.