Cyber security guide to the 10 most disruptive enterprise technologies
Information Age presents the top 10 disruptive technologies facing the enterprise - and the vital security implications around them
Short of time?
Deploying the latest and greatest technologies in an enterprise is one of the most effective ways of gaining competitive advantage, increasing efficiency, attracting the best talent, and, ultimately, driving new business and growth.
The pace of innovation has never been quicker than it is today, and it is the CIO’s job to understand which solutions are most aligned to the business goals of their organisation, and which to bat away.
Most challenging of all, however, is the ability to embrace the trends disrupting the status quo whilst also ensuring the organisation is protected from cyber threats. In light of persistent high-profile data breaches, security has emerged in recent years as the number one priority for IT leaders around the world.
What was traditionally seen as a simple component of an organisation’s infrastructure – throwing a firewall and antivirus solution down to ensure that compliance box is ticked – has evolved into something that keeps CSOs, CIOs and even CEOs awake at night.
There is a constant arms race where the attackers look to circumvent the security solutions that companies put in place, and the vendors and end-users look to improve the security of their solutions and policies.
Whilst deploying emerging technologies can undoubtedly be of enormous benefit to an enterprise, it also creates fresh opportunities for the hacking community.
Information Age has compiled the top 10 technologies disrupting enterprise IT, and quizzed leading experts on the security implications around them.
1. Software-defined everything (SDx)
Analysts have queued up to champion the software-defined data centre (SDDC) as the next big thing, while vendors have raced to have their voices heard as a leader in this growing field.
And who can blame them. The origins of the SDDC vision can essentially be drawn back to VMware’s virtualisation of the x86 architecture, an advancement which has seen compute virtualisation become a near-ubiquitous deployment throughout the enterprise world.
The SDDC basically extends the premise of virtualising servers, and wrapping them with highly automated software, across an organisation’s entire infrastructure. Thus moving from the traditional model of managing infrastructure, to one of automating infrastructure and delivering IT as a service.
However, a significant challenge lies on the people-process side.
ZK Research predicts that software-defined will reduce TCO in the data centre from 40% with legacy environments to 20%, but the new model of infrastructure delivery wildly disrupts the make-up of a traditional IT team.
The ability, or indeed willingness, of the CIO to take on this realignment is likely to be the key factor of when, or whether, this deployment takes off.
These issues also spread into security. Enterprises must quickly establish how to manage the security of this new data centre model and, particularly, who is responsible for the data and where it’s stored, says Mark Harris, VP of engineering at Sophos.
2. Social enterprise
The benefits of using social media for customer relations are fairly tried and tested now in the enterprise world, and there are very few major companies that aren’t taking advantage of it in some form.
It’s not difficult to work out the cost savings of using social media platforms to answer feedback against the cost of hiring a call centre full of customer service agents.
Marketing departments can track the resolution rate over the duration of a month and extrapolate numbers from it based on the cost of a customer service representative’s salary, as well as looking at sales increases as a direct result. It’s crystal clear to the C-suite while the IT and marketing departments are praised for their innovative use of technology – everyone is happy.
But when it comes to companies using social technology internally for collaboration and communication within their own walls, the issue of return on investment (ROI) can be a thorny one.
Businesses are implementing schemes without clear-set goals in mind, then stumbling at the first questions from the C-suite – the ones to whom they have to justify it all when it comes to asking for additional resources going forward. Ultimately, there is often no easy answer to measuring the value that new collaboration and communication platforms provide.
The road to being a social enterprise is also a thorny one for security, especially considering social channels are amongst the most popular attack points for hackers.
According to Neil Thacker, information security and strategy officer at Websense, the best approach to combat attacks is to focus on the data.
3. The Internet of Things
People say we live in a connected world. The ubiquity of smartphones and tablets has meant that people are constantly attached to technology, and able to carry out actions and services at a click of their mobile device.
But if you believe the hype of the Internet of Things (IoT), a truly connected world is nowhere near. Smart devices are just the beginning of a phenomenon that will see objects of any description – cars, shoes, kettles, books, teeth…anything – equipped with tiny internet-connected sensors that generate actionable data.
The sheer breadth of big data, therefore, knows no bounds. Just look at some of the forecasts: Gartner says that by 2020 the IoT will have grown to over 26 billion units; IDC puts it close to 30 billion, with an industry value of around $8.9 trillion; and Cisco reckons 50 billion by 2050, with a value of $14.4 trillion by 2023.
The result could transform the way we live our lives, at a proliferated rate of what the internet and smartphones have already achieved. Objects will no longer just be objects; they will effectively have brains. They will know about you: about your habits and your needs. And they will customise themselves to know exactly when and how you want to use them.
However, drastically increasing the amount of devices connected to the network undoubtedly increases the threat of cyber attack. This is something that will only exacerbate as IoT gets bigger and matures in the enterprise.
With that in mind, the prevailing concern is that many are racing into IoT deployment without proper consideration of security implications. If cyber criminals are already having a field day hacking into smartphones and PCs, what are they going to do when every other object in the world is connected?
Oliver Pinson-Roxburgh, systems engineering manager at Trustwave, says there is not enough due diligency being done in the development of IoT systems.
4. Enterprise app stores
As consumer technologies continue to amplify employee expectations in the workplace, it has never been more vital for businesses to enable those experiences.
However, keeping pace can often mean neglecting security policies and making the enterprise vulnerable to cyber threats. This is a particular concern in the realm of mobility.
The use of smartphones and tablets continues to proliferate in the enterprise as employees find new and productive ways of utilising mobile apps in their day-to-day work.
With mobile malware always on the rise, this is a headache that CIOs and CSOs can do without. And they do, sometimes simply by banning apps from being downloaded in the workplace.
In many enterprises, before employees can even install an app they must first check whether the app is supported. They must then log a ticket with IT and wait for access – on top of that, they’ve got to remember multiple passwords to do so.
Employees today expect to be able to deploy apps for work as easily as they do in their personal lives, putting the pressure on CIOs to balance that with business requirements regarding access and control.
Enterprise app stores have emerged as the natural solution. Replicating the experience of consumer app stores, companies can build a secure, customised catalogue to manage and distribute both internal and external apps.
James Sherlow, systems engineering manager at Palo Alto Networks, says an enterprise app store significantly reduces the amount of entry points hackers can attack to compromise the business.
5. Personal cloud
Analysts may record 2014 as the start of the era of the personal cloud, but many businesses would testify that it kicked off long before.
However, while personal cloud, and its bring-your-own-device (BYOD) partner in crime, is nothing new, the jury is still out on a uniform solution.
The specific device no longer matters to users; they want their digital content to be constantly accessible, mobile and housed in sleek, sophisticated apps.
Employees who consume personal cloud services at home have higher expectations of their IT systems and the way that services are delivered than ever before.
Not addressing this within the enterprise can lead to some serious problems. Banning such applications once they’ve already become prevalent in the enterprise is not the answer and will only result in reduced productivity.
Besides, it will only lead to users finding a way around it so that they can continue to do their job in that way.
On the other hand, continuing to allow it creates a security risk with regard to the flow of information or data, lack of control or regulation of shared information, and loss of ownership of information assets.
Greg Hanson, senior director, EMEA technical operations, Informatica, believes the problem lies with a lack of business tools that allow users to be able to collaborate and share data in an effective way.
Bring your own device (BYOD) has been an unstoppable force on the crest of the consumerisation wave, and one that companies have simply had to roll with.
But it is increasingly being rebranded as ‘bring your own disaster’, with IT departments desperately grappling for solutions that will allow them to take back some degree of control over the mobile environment, hastily assembling a raft of MDM (mobile device management) tools.
It has become obvious that the utopian ideal of BYOD is more myth than a practical reality for most firms. So has the BYOD wave broken?
A report by Gartner categorically declared the end of the era of BYOD, stating, ‘There is no way for IT to assume full responsibility of securing and managing devices without ownership.’
As a result of all these security and compliance issues, a rash of new acronyms has sprung up, all vying to be the next trendy buzzword.
Some companies are attempting a complete U-turn by introducing schemes such as ‘corporate-owned personally enabled’ (COPE), while ‘choose your own device’ (CYOD) lets employees choose from a limited selection of approved, corporate-liable device models with the levels of security and control that IT needs, but with the slight difference that the employee pays for the upfront cost of the hardware.
Both are approaches that embrace the consumerisation of IT in a controlled manner, but in the endless balancing act between giving employees the tools they’re happiest using – and are therefore more productive on – and making sure that those tools are work-appropriate, compliant and secure (as well as cost-effective), CYOD seems to tick a lot of boxes.
Whatever approach is taken, businesses must view it as a complete security policy, says Andy Bushby, technology director for mobile and information security at Oracle.
7. Web-scale IT
The internet giants of this world – Google, Facebook, Amazon etc. – are light-years ahead of the rest of the world when it comes to scaling IT to ensure capacity and performance. It’s something analysts now call web-scale IT.
These types of requirements haven’t been necessary for most organisations, and for the most part they still aren’t now – but that is all set to change as the effects of mobility, digitisation and the Internet of Things take hold.
Gartner predicts that the availability of capacity and performance management skills for horizontally scaled architectures will be a major constraint or risk to growth for 80% of major businesses by 2016. As such, it anticipates that web-scale IT methods will be found in 50% of global enterprises by 2017.
As well as allowing them to scale and grow rapidly, web-scale IT helps enterprises deploy new projects, apps and platforms at faster speeds. Users clearly benefit from cost savings, but more significant advantages come from flexibility and reduced time to market, as well as expanded revenue-generating opportunities.
Web-scale IT also demands new thinking about security. The web-scale efforts of criminals and hackers now costs the global economy £256 billion, McAfee predicts, at a time when security giant Symantec has admitted that anti-virus software only prevents 45% of file-based attacks at best.
Sian John, security strategist at Symantec, says web-scale IT could provide greater opportunities to hackers to access data.
8. Cloud computing
No list of disruptive enterprise technologies would be complete without a mention of cloud computing.. Not only has it shifted the way enterprises operate in recent years; it has emerged as one of the most transformative trends in the history of information technology.
Essentially, it has touched every single person in the world with access to the internet, and has drastically shaken up markets and changed the requirements for business.
There is no longer any doubt that practically every enterprise across the UK will adopt cloud in some way – the big question is exactly how that will be, to best suit each individual business’s needs.
The answer is, of course, complex, but can be broadly separated into three options: public, private or hybrid.
Small businesses have generally favoured public clouds from the likes of Google and Amazon Web Services so as to benefit from the low capex and quick deployments, while the large organisations that enjoy juicy IT budgets have opted to build their own private clouds.
For many in between, however, a hybrid model has gained popularity. This is not just for cost reasons, but in order to ease security concerns, as businesses can flaunt non-critical data in the public cloud while keeping the more sensitive data safely on-premise.
As organisations’ network and storage components look to follow servers into the realms of virtualisation, this road to cloud is only set to accelerate. The pressure is on the CIO to deploy the right cloud model at the right time, and to ensure security is at the heart of the whole process.
However, Don Smith, technology director at Dell Secureworks, believes a lot of the security concerns around cloud are unfounded, and it’s essentially a lot of the old problems simply in a new context.
9. Big data
Using data to tackle cyber threats and fraud is far from new – basic intrusion detection systems for detecting suspicious patterns in networks have been around for at least three decades. But as data volumes creep up to monstrous volumes, from gigabytes to terabytes, exabytes and beyond, protecting it is proving an increasingly daunting task.
Gartner estimates that the amount of data analysed by enterprise security organisations will double every year through to 2016. As a result of this explosion, businesses are failing to detect security breaches early enough.
But by sitting on their wealth of security data for longer, big data – and the new capabilities that are driving it – could actually become companies’ biggest security asset. According to a recent report by McAfee, 58% of firms are storing their invaluable security data for less than three months.
The evolution of big data tools is enabling security analytics to effectively add a level of context and awareness to security incidents that was previously impossible to achieve.
Big data analytics can also put businesses in a better position to predict attacks in advance by comparing network states before and after attacks. Businesses can identify when, where and how an attacker is most likely to strike and take preventative measures accordingly. These tools can even help identify weaknesses in the network, and alert security teams appropriately.
According to AlienVault CEO Barmak Meftah, big data will allow businesses to have much better security visibility and threat intelligence.
10. Wearable technology
For the last few years, the rapid absorption of consumer mobile devices in the enterprise has been empowering workers from every sector to be productive in new and novel ways.
Some would argue that the wave of wearable devices now hitting the consumer markets could be the natural next step to this, with the same kind of security issues that IT departments are having to tackle around BYOD.
The intricacies of security and authentication with wearable devices in the workplace are still in their early stages of being worked out, but one thing is definite- they're going to make waves across a vast variety of industry sectors, and businesses need to be prepared.
Workers sitting at a desk all day might not find much use in hyper-portable and hands-free wearables, but so far developers for products such as augmented reality (AR) smart glasses are finding numerous applications in the warehouse, assembly line, hospital, or out in the field working on oil and gas pipelines.
It's a utopian vision for the workplace of the future in which everyone will effectively become 'knowledge workers' empowered by data.
But adapting consumer technology for the enterprise market still comes with its security pitfalls.
Businesses must assess the threats around wearable technology early, rather than wait until employees start using them regularly in the workplace, according to Jason Steer, director of technology strategy at FireEye.