Apps have been a very popular technology for 2009. From a security point of view application firewalling is proving to be very important as businesses need to be able to control what employees are doing within applications such as Facebook and Skype, they could be file sharing and instant messaging other users that might not be trustworthy.
With many businesses only having basic application control at the moment, allowing employees to access feature rich websites can potentially put businesses at risk.
Palo Alto Networks provide a unique technology in the firewall marketplace that allows businesses to gain application usage visibility and affect a policy to control social networking site access from almost any aspect such as chat, email, apps and file transfer.
In particular Web 2.0 has grown dramatically in 2009 and will continue to pave the way for larger malware attacks in the SMB space in 2010. The question of security is significant as integrated functionality is used to convey information.
With Social networking sites their very essence is defined by feature rich functionality and this encompasses web, chat, audio, video, pictures and integrated applications.
There are issues of personal data to consider with profile information but the most significant risks exist with the integrated applications as these can be hosted by a third party and so are not subject to any security or information assurance controls.
In the last 18months it has been demonstrated that these applications can have malware or functionality issues, which have serious security implications.
Trends are also indicating that hackers are moving away from attacking the operating system that resides on endpoints and servers, and are now targeting the applications that sit on top, this allows them to go unnoticed for longer.
There are now 1000s of applications available and patching doesn’t seem to be keeping up, it is far less advanced and efficient, which potentially provides hackers with an open target.
Businesses must bear this in mind when updating and implementing security solutions. Data is now the new currency in the business world, everyone is more aware of how valuable it is and despite an increase in data loss incidents in 2008, this has almost halved in 2009.
Businesses need to take a step back and take a holistic view at what they are trying to protect; it is not just a building, a laptop, a file, a password, it is an organisation and its information.
Businesses need to identify where the high risk areas are, such as server rooms and individual servers and work outwards in order to protect their data.
Although some organisations are now deploying technology to address areas of data security, such as encryption and device control, there are still many that have not.
We have found that organisations are still very early in the adoption of Data Leakage Protection (DLP). The problem is that many do not know where to start.
Companies need to gain visibility of how big their data security problem may be, and define a data security strategy that maps out what type of DLP solution is appropriate to their business, and how to go about implementing this solution.
There have been enough breaches in the past few years to prove that companies need to be more aware of data and how to secure it however, they just haven’t all had enough time to do this yet and not all know where to start.
We are still seeing longer sales cycles and more authorising signatures required to raise PO’s. We expect this to continue into 2010.
However, regulations enforce IT Security within many industry sectors and so the impact of the recession on the information security sector has and should hopefully continue to be forgiving.
We expect to see mergers/acquisitions being more active than in 2009 as the economy improves and share prices rise. Potentially we will see more sizable m&a’s but there will be less bargains to be had.