It's Time to 'Take Security Out of the Closet'

By , July 14, 2010.
It's Time to 'Take Security Out of the Closet'


See Also: Rethinking Endpoint Security

ith emerging technologies such as cloud computing and mobility, it isn't that the service providers don't have enough security in place; it's that they don't do enough to tell businesses and consumers about their security measures.

"They have to take security out of the closet," says Jonathan Penn, VP and senior analyst at Forrester. "[Vendors] don't just need more security; they need to be more transparent."

In an exclusive interview, Penn discusses:

  • The hottest emerging technologies;
  • Why service providers need to market their security better;
  • the greatest security vulnerabilities and how to address them.

Penn advises tech industry vendor strategy professionals, predicting and quantifying growth and disruption in the technology industry. He provides advice and support about IT security technologies, services, and requirements to vendors and service providers, helping to shape their overall strategies and market positioning, as well as their product, services, sales, and partnering plans. Penn also researches enterprise security strategies and implementations, with a particular emphasis on data protection, online consumer security, and identity management.

Over the past 10 years, Penn has written and spoken extensively on security in many business and IT venues, focusing on trends, innovations, and challenges in security solutions and practices. He has been widely quoted in publications like CSO Magazine, Information Security Magazine, the Financial Times, The Economist, and The New York Times, and has appeared on CNBC and National Public Radio.

TOM FIELD: What are some of the emerging technologies that we need to be paying attention to in the second half of 2010?

Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about emerging technologies with Jonathan Penn, Vice President and Senior Analyst at Forrester Research.

Jonathan thanks so much for joining me today.

JONATHAN PENN: My pleasure.

FIELD: Just to get us started, why don't you tell us a little bit about your current research?

PENN: Sure. Well, I look at the security market quite broadly, and my focus is really on the disruptive trends that are transforming the market. So, new vendors, new technologies, changes in market needs -- of course also what the hackers and criminals are up to, as well, have an important impact there. So, some of the things I am looking at now: cloud security, cybersecurity and critical infrastructure protection, which is up on the ladder of new spending and attention as well. Some of the things in consumer security and some of the needs there that are being addressed by some emerging players in that market.

FIELD: When you look at all of these different marketplaces, what would you say are the hottest emerging technologies?

PENN: There is actually a lot of innovation happening in security. It continues to be quite a vibrant area of investment and start-up activity. Some of the areas I see: Network security is an area of continuing innovation. Right now the focus has been on getting deeper inside and doing more analysis on the network activity. We have seen security information event management, but that is really moving towards deeper inspection of the network activity. Companies like NetWitness, Packet Motion, Solera and others that are giving much better understanding not only from a forensic perspective, but also real-time analysis of what is going on in your network, and that is very useful as well from a cybersecurity perspective.

On identity management, federation, which is really verging the identities that are being managed in your enterprise with SAAS environments -- that is really what is driving federation there is to most seamlessly link the enterprise SAAS from an identity perspective.

Application security and vulnerability management, as well, is another area; this is really the front line of attacks. Fraud is a big area as well for banks, but also retail, insurance. We are seeing a lot of activity and innovation there like profiling and device reputation, as well as deeper transaction analysis.

There is a lot happening in data security. DLP adoption continues to grow (that is Data Leak Prevention technology), but there are also things happening in database security, data masking and database monitoring. Tokenization is a big issue. Basically trying to make the information that is such a prime target for identity thieves that much more meaningless by turning it into something that isn't directly useable by them.

Follow Tom Field on Twitter: @SecurityEditor

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Big Data Analytics: Lessons Learned

Most organizations have yet to realize the cybersecurity benefits of big data analytics, says...

Latest Tweets and Mentions

ARTICLE Big Data Analytics: Lessons Learned

Most organizations have yet to realize the cybersecurity benefits of big data analytics, says...

The ISMG Network